WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1)

Description

WordPress is prone to a vulnerability which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the 'wp-register.php' script against which attackers can trigger repeated registration to cause a high CPU load, potentially resulting in a Denial of Service. WordPress versions 2.0.1 and prior are all vulnerable.

Remediation

Update to WordPress version 2.0.2 or latest

References

http://www.securityfocus.com/archive/1/427152/30/0/threaded

http://packetstormsecurity.org/files/44497/HYSA-2006-005.txt

http://www.securiteam.com/exploits/5NP062KI0C.html

Related Vulnerabilities

WordPress Plugin Cimy User Extra Fields Arbitrary File Upload (2.3.7)

Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)

Serendipity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-6242)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.13)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35153)

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Denial Of Service