Summary
The host is running WordPress and is prone to a Denial of Service vulnerability.
Impact
Successful exploitation will allow an attacker to cause a Denial of Service through high CPU consumption.
Impact Level: System/Application
Solution
Upgrade to WordPress version 2.8.5 or later.
http://wordpress.org/download/
Insight
An error occurs in wp-trackbacks.php due to improper validation of user-supplied data passed into the 'mb_convert_encoding()' function. This can be exploited by sending multiple-source character encodings into the function.
Affected
WordPress versions prior to 2.8.5 on all platforms.
References
Severity
Classification
- CVE: CVE-2009-3622
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P