CVE-2014-5266
PUBLISHED
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Risk Scores
- EPSS Score: 76.31% (99.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | drupal7 | 0, 7.23-1, 7.24-1 |
| Ubuntu:14.04:LTS | wordpress | 0, 3.6.1+dfsg-1, 3.7.1+dfsg-1 |
Exploit Intelligence
- CIRCL seen: CVE-2014-5266 (circl-sighting)
- DSA-3001 (circl)
- https://wordpress.org/news/2014/08/wordpress-3-9-2/ (circl)
- https://www.drupal.org/SA-CORE-2014-004 (circl)
- http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830 (circl)
- DSA-2999 (circl)
- http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830 (circl)
- https://core.trac.wordpress.org/changeset/29404 (circl)
Timeline
- Aug 18, 2014 CVE Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-5266 third-party-advisory
- https://core.trac.wordpress.org/changeset/29405/branches/3.9 third-party-advisory
- https://www.drupal.org/SA-CORE-2014-004 third-party-advisory
- https://wordpress.org/news/2014/08/wordpress-3-9-2/ third-party-advisory
- https://core.trac.wordpress.org/changeset/29404 third-party-advisory
- http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830 third-party-advisory
- http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-5266 third-party-advisory