CVE Vulnerabilities

CVE-2014-5266

Published: Aug 18, 2014 | Modified: Nov 25, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 3.0.5 3.0.5
Wordpress Wordpress 3.4.0 3.4.0
Wordpress Wordpress 3.6.1 3.6.1
Wordpress Wordpress 3.7 3.7
Wordpress Wordpress 3.5.0 3.5.0
Wordpress Wordpress 3.0.2 3.0.2
Wordpress Wordpress 3.2.1 3.2.1
Wordpress Wordpress 3.1.4 3.1.4
Wordpress Wordpress 3.0 3.0
Wordpress Wordpress 3.2 3.2
Wordpress Wordpress 3.3.3 3.3.3
Wordpress Wordpress * 3.9.1
Wordpress Wordpress 3.0.1 3.0.1
Wordpress Wordpress 3.9.0 3.9.0
Wordpress Wordpress 3.7.1 3.7.1
Wordpress Wordpress 3.1.3 3.1.3
Wordpress Wordpress 3.0.4 3.0.4
Wordpress Wordpress 3.1 3.1
Wordpress Wordpress 3.6 3.6
Wordpress Wordpress 3.2 3.2
Wordpress Wordpress 3.3.2 3.3.2
Wordpress Wordpress 3.1.2 3.1.2
Wordpress Wordpress 3.0.6 3.0.6
Wordpress Wordpress 3.3.1 3.3.1
Wordpress Wordpress 3.8 3.8
Wordpress Wordpress 3.1.1 3.1.1
Wordpress Wordpress 3.8.1 3.8.1
Wordpress Wordpress 3.3 3.3
Wordpress Wordpress 3.5.1 3.5.1
Wordpress Wordpress 3.4.2 3.4.2
Wordpress Wordpress 3.4.1 3.4.1
Wordpress Wordpress 3.0.3 3.0.3

References