CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.929 High
Percentile: 99.0%

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and
Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of
elements in an XML document, which allows remote attackers to cause a
denial of service (CPU consumption) via a large document, a different
vulnerability than CVE-2014-5265.
cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830
core.trac.wordpress.org/changeset/29404
core.trac.wordpress.org/changeset/29405/branches/3.9
launchpad.net/bugs/cve/CVE-2014-5266
nvd.nist.gov/vuln/detail/CVE-2014-5266
security-tracker.debian.org/tracker/CVE-2014-5266
wordpress.org/news/2014/08/wordpress-3-9-2/
www.cve.org/CVERecord?id=CVE-2014-5266
www.drupal.org/SA-CORE-2014-004