5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
WordPress is vulnerable to denial of service (DoS) attacks. The attacks exist because the hashing of large passwords are not properly handled, leading to high CPU usage.
CPE | Name | Operator | Version |
---|---|---|---|
johnpbloch/wordpress-core | eq | 4.0.0 | |
johnpbloch/wordpress-core | le | 3.8.4 | |
johnpbloch/wordpress-core | le | 3.7.4 | |
johnpbloch/wordpress-core | le | 3.9.2 |
advisories.mageia.org/MGASA-2014-0493.html
core.trac.wordpress.org/changeset/30467
openwall.com/lists/oss-security/2014/11/25/12
www.debian.org/security/2014/dsa-3085
www.mandriva.com/security/advisories?name=MDVSA-2014:233
www.securitytracker.com/id/1031243
core.trac.wordpress.org/changeset/30467
wordpress.org/news/2014/11/wordpress-4-0-1/