CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.929 High (Percentile: 99.0%)
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830
www.debian.org/security/2014/dsa-2999
www.debian.org/security/2014/dsa-3001
core.trac.wordpress.org/changeset/29404
wordpress.org/news/2014/08/wordpress-3-9-2/
www.drupal.org/SA-CORE-2014-004