Lucene search
Veracode Vulnerability DatabaseVERACODE:4899HistoryAug 10, 2017 - 8:10 a.m.
Denial Of Service(DoS) Via CPU Consumption
2017-08-1008:10:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.265 Low
EPSS
Percentile
96.8%
WordPress is vulnerable to denial of service (DoS) attacks. The attacks exist because the hashing of large passwords are not properly handled, leading to high CPU usage.
| CPE | Name | Operator | Version |
|---|---|---|---|
| johnpbloch/wordpress-core | eq | 4.0.0 | |
| johnpbloch/wordpress-core | le | 3.8.4 | |
| johnpbloch/wordpress-core | le | 3.7.4 | |
| johnpbloch/wordpress-core | le | 3.9.2 |
References
advisories.mageia.org/MGASA-2014-0493.html
core.trac.wordpress.org/changeset/30467
openwall.com/lists/oss-security/2014/11/25/12
www.debian.org/security/2014/dsa-3085
www.mandriva.com/security/advisories?name=MDVSA-2014:233
www.securitytracker.com/id/1031243
core.trac.wordpress.org/changeset/30467
wordpress.org/news/2014/11/wordpress-4-0-1/
Related
wpvulndb
wpvulndb
WordPress <= 4.0 - Long Password Denial of Service (DoS)
2014-11-20 20:02:12
zdt
zdt
WordPress 4.0 Denial Of Service Exploit
2014-12-01 00:00:00
securityvulns
securityvulns
WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)
2014-12-01 00:00:00
[ MDVSA-2014:233 ] wordpress
2014-12-01 00:00:00
patchstack
patchstack
WordPress <=4.0.1 - Denial of Service Attacks
2014-12-01 00:00:00
exploitpack
exploitpack
WordPress 4.0 - Denial of Service
2014-12-01 00:00:00
metasploit
metasploit
WordPress Long Password DoS
2015-01-04 18:50:23
packetstorm
packetstorm
WordPress 4.0 Denial Of Service
2014-11-29 00:00:00
Drupal / WordPress Memory Exhaustion
2014-12-01 00:00:00
exploitdb
exploitdb
WordPress Core 4.0 - Denial of Service
2014-12-01 00:00:00
nvd
nvd
CVE-2014-9034
2014-11-25 23:59:05
cve
cve
CVE-2014-9034
2014-11-25 23:59:05
debiancve
debiancve
CVE-2014-9034
2014-11-25 23:59:05
openvas
openvas
Drupal Password Hashing Denial of Service Vulnerability
2014-12-09 00:00:00
Debian Security Advisory DSA 3085-1 (wordpress - security update)
2014-12-03 00:00:00
Debian: Security Advisory (DSA-3085-1)
2014-12-02 00:00:00
prion
prion
Design/Logic Flaw
2014-11-25 23:59:00
cvelist
cvelist
CVE-2014-9034
2014-11-25 23:00:00
ubuntucve
ubuntucve
CVE-2014-9034
2014-11-25 00:00:00
nessus
nessus
Debian DSA-3085-1 : wordpress - security update
2014-12-04 00:00:00
osv
osv
wordpress - security update
2014-12-03 00:00:00
wordpress - security update
2015-06-01 00:00:00
debian
debian
[SECURITY] [DSA 3085-1] wordpress security update
2014-12-03 08:38:56
[SECURITY] [DLA 236-1] wordpress security update
2015-06-01 12:11:28
freebsd
freebsd
wordpress -- multiple vulnerabilities
2014-11-25 00:00:00
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2014-11-26 20:29:06