Veracode Vulnerability DatabaseVERACODE:22381Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
wordpress is vulnerable to denial of service. The vulnerability exists in because an unauthenticated attacker is able to crash the application by submitting a large list of registered .js files to cause each file to be loaded multiple times, leading to excessive resource consumption.
| CPE | Name | Operator | Version |
|---|---|---|---|
| johnpbloch/wordpress | le | 5.4.2 | |
| johnpbloch/wordpress-core | le | 5.4.2 | |
| johnpbloch/wordpress | le | 5.4.2 | |
| johnpbloch/wordpress-core | le | 5.4.2 |
References
www.securityfocus.com/bid/103060
www.securitytracker.com/id/1040347
baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
core.trac.wordpress.org/ticket/43308
github.com/UltimateHackers/Shiva
github.com/WazeHell/CVE-2018-6389
github.com/WordPress/WordPress/commit/24f0d521eaf9572e61dfac750eeca88af0a1dd46
github.com/WordPress/WordPress/commit/9de6b3acac8432e32e21d05c154e50904f88a393
github.com/WordPress/WordPress/pull/343
thehackernews.com/2018/02/wordpress-dos-exploit.html
wpvulndb.com/vulnerabilities/9021
www.exploit-db.com/exploits/43968/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P