First published: Wed Oct 21 2009
A denial of service (resource exhaustion) flaw was found in the way WordPress handled HTTP headers contained in a "trackback" message sent to WordPress. A local, unprivileged user could send a specially crafted trackback message to a running instance of WordPress, leading to its crash.

References:
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
http://seclists.org/fulldisclosure/2009/Oct/263

PoC:
http://codes.zerial.org/php/wp-trackbacks_dos.phps

CVE was requested here:
http://www.openwall.com/lists/oss-security/2009/10/21/2

Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WordPress | <=2.8.4 |