Security Advisory SA53676 – WordPress Password Protected Posts Denial of Service Vulnerability – Secunia
Category: Word Press
Description
Krzysztof Katowicz-Kowalewski has discovered a vulnerability in WordPress, which can be exploited by malicious people to cause DoS (Denial of Service).
The vulnerability is caused due to an error when calculating the hash cycle count within the "crypt_private()" method in /wp-includes/class-phpass.php and can be exploited to exhaust CPU and memory resources by sending HTTP requests with a specially crafted password cookie.
Successful exploitation requires the knowledge of the URL for a password-protected post.
The vulnerability is confirmed in version 3.5.1. Other versions may also be affected.
Solution No official solution is currently available.
Provided and/or discovered by Krzysztof Katowicz-Kowalewski
Original Advisory Krzysztof Katowicz-Kowalewski: https://vndh.net/note:wordpress-351-denial-service
Deep Links Links available to Secunia VIM customers
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Follow this link:
Security Advisory SA53676 - WordPress Password Protected Posts Denial of Service Vulnerability - Secunia
Related Posts
- Malaysia Airlines' lack of early word on missing plane angers many Beijing relatives - March 11th, 2014 [March 11th, 2014]
- PRESS RELEASE: Ekotechnika GmbH: Creditreform adjusts rating outlook to 'watch' - March 11th, 2014 [March 11th, 2014]
- PRESS RELEASE: Epigenomics and VSA receive approval to market Epi proColon in Argentina - March 11th, 2014 [March 11th, 2014]
- PRESS RELEASE: Ekosem-Agrar GmbH: Creditreform adjusts rating outlook to 'watch' - March 11th, 2014 [March 11th, 2014]
- PRESS RELEASE: YOUNIQ AG publishes preliminary consolidated net result for financial year 2013 - March 11th, 2014 [March 11th, 2014]
- PRESS RELEASE: technotrans AG: technotrans -2- - March 11th, 2014 [March 11th, 2014]
- Work From No Home Does It Work + Work From No Home Pdf - Video - March 9th, 2014 [March 9th, 2014]
- Kansas City-area spelling bee finally ends - March 9th, 2014 [March 9th, 2014]
- AP Exclusive: Man denies he's bitcoin creator - March 8th, 2014 [March 8th, 2014]
- Charges dropped against trio accused of using y-word slur - March 8th, 2014 [March 8th, 2014]
- PRESS RELEASE: DF Deutsche Forfait AG publishes preliminary 2013 financials - March 8th, 2014 [March 8th, 2014]
- Word Press Blog Unordered List With symbol - Video - March 6th, 2014 [March 6th, 2014]
- Who can use the N word? - March 6th, 2014 [March 6th, 2014]
- PRESS RELEASE: Manz AG returns to the TecDAX - March 6th, 2014 [March 6th, 2014]
- PRESS RELEASE: Ekotechnika GmbH rated B (outlook: stable) by Creditreform - March 6th, 2014 [March 6th, 2014]
- PRESS RELEASE: Ad hoc announcement: Rickmers bond increased to 250 million Euros - March 6th, 2014 [March 6th, 2014]
- Meyer, Widlitz Join GHS 'End the R-Word' Effort - March 6th, 2014 [March 6th, 2014]
- PRESS RELEASE: AURELIUS: Convincing preliminary figures for 2013 - March 5th, 2014 [March 5th, 2014]
- PRESS RELEASE: Epigenomics AG: Clinical study conducted in the Czech Republic confirms blood-based Septin9 test to be ... - March 5th, 2014 [March 5th, 2014]
- PRESS RELEASE: ORCO GERMANY S.A. raising EUR 36 million and seeks an additional EUR 36M through capital increase - March 5th, 2014 [March 5th, 2014]
- Press the President Celebrates International Women's Day - March 4th, 2014 [March 4th, 2014]
- PRESS RELEASE: Wacker Neuson SE: Wacker Neuson on the path to success despite weak market - March 4th, 2014 [March 4th, 2014]
- PRESS RELEASE: Cevian Capital AG: European Investor Cevian Capital Increases its Stake in ThyssenKrupp to 15.1 Percent - March 4th, 2014 [March 4th, 2014]
- PRESS RELEASE: Eckert & Ziegler Awards Travel Grants to Young Scientists in Nuclear Medicine - March 4th, 2014 [March 4th, 2014]
- How to make money with a word press blog - Video - March 3rd, 2014 [March 3rd, 2014]
- Your Professional Word Press Site Cheap! - Video - March 3rd, 2014 [March 3rd, 2014]
- A Press Room salute to the memorable Tom Hall - March 3rd, 2014 [March 3rd, 2014]
- Foreign Office spurned free Press day 'to duck attack on Royal Charter' - March 3rd, 2014 [March 3rd, 2014]
- PRESS RELEASE: Geratherm Medical AG: New SRA Technology detects atrial fibrillation at an early stage and prevents ... - March 3rd, 2014 [March 3rd, 2014]
- PRESS RELEASE: Salzgitter AG: Key data for the financial year 2013 - Crisis in Europe's industry impacts the financial ... - March 2nd, 2014 [March 2nd, 2014]
- PRESS RELEASE: FUCHS increases sales revenues and earnings again in 2013 - February 28th, 2014 [February 28th, 2014]
- Proof press couldnt ask Ronan personal questions - February 28th, 2014 [February 28th, 2014]
- PRESS RELEASE: Nordex SE: Strong growth and return to profit in 2013 - February 28th, 2014 [February 28th, 2014]
- FABULOUSBEAUTIES - Video - February 27th, 2014 [February 27th, 2014]
- Word Press themes_09 - Video - February 27th, 2014 [February 27th, 2014]
- PRESS RELEASE: HOMAG Group increases net profit for the year by 45 percent - February 27th, 2014 [February 27th, 2014]
- PRESS RELEASE: Allianz SE: Allianz finishes -2- - February 27th, 2014 [February 27th, 2014]
- Word Press Page Editing - Video - February 27th, 2014 [February 27th, 2014]
- Op-ed: Go Ahead and Call Me What You Want - February 27th, 2014 [February 27th, 2014]
- PRESS RELEASE: Gerry Weber confirms international growth strategy - February 27th, 2014 [February 27th, 2014]
- Borges: N-word a lost debate - February 27th, 2014 [February 27th, 2014]
- PRESS RELEASE: DAB Bank generated strong operating growth in financial year 2013 - February 27th, 2014 [February 27th, 2014]
- "Freeway2Success" Launches "Recipes4YourSuccess" Making Money Blogging and YouTube! - Video - February 25th, 2014 [February 25th, 2014]
- Video Tutorial Blog Word Press. Christian Carrera Cabrera - Video - February 25th, 2014 [February 25th, 2014]
- PRESS RELEASE: WILEX AG: Professor Olaf G. Wilhelm leaves the Executive Management Board on 31 March 2014, Dr Jan ... - February 25th, 2014 [February 25th, 2014]
- PRESS RELEASE: QSC AG takes over encryption specialist FTAPI - February 25th, 2014 [February 25th, 2014]
- PRESS RELEASE: SolarWorld AG successfully closes financial restructuring - February 25th, 2014 [February 25th, 2014]
- PRESS RELEASE: CASSONA SE: CASSONA's oil property contains about 50.8 million barrel light oil and about 102.6 million ... - February 25th, 2014 [February 25th, 2014]
- PRESS RELEASE: PNE WIND AG receives approval for the UK wind farm project Tralorg - February 22nd, 2014 [February 22nd, 2014]
- site template Cherry - Responsive News and Magazine Theme Download - Video - February 20th, 2014 [February 20th, 2014]
- PRESS RELEASE: TAKKT: Solid operating key figures -2- - February 20th, 2014 [February 20th, 2014]
- PRESS RELEASE: Ferratum Group: Starting signal in Germany and Romania - February 20th, 2014 [February 20th, 2014]
- PRESS RELEASE: Grammer AG with new record in 2013 - February 20th, 2014 [February 20th, 2014]
- PRESS RELEASE: Elmos Semiconductor AG: Strong final quarter 2013 sets sales record - February 20th, 2014 [February 20th, 2014]
- PRESS RELEASE: FAST Casualwear AG receives another large order from Europe - February 19th, 2014 [February 19th, 2014]
- Google's Official Word: Don't Be a Glasshole - February 19th, 2014 [February 19th, 2014]
- PRESS RELEASE: comdirect: pre-tax profit of EUR 80.0m - 2.83 million customers - dividend proposal of 36 cents per share - February 19th, 2014 [February 19th, 2014]
- PRESS RELEASE: Intershop reports licensing revenues up 20% in financial year 2013 - February 19th, 2014 [February 19th, 2014]
- PRESS RELEASE: NORMA Group generates record sales and earnings in 2013 - February 19th, 2014 [February 19th, 2014]
- PRESS RELEASE: euromicron AG: Future-proof DMR solution - February 18th, 2014 [February 18th, 2014]
- " Central Africa, We are with you" Muslim Thoughts on Central African Republic Conflict. - Video - February 18th, 2014 [February 18th, 2014]
- PRESS RELEASE: Changes to the Management Board of centrotherm photovoltaics AG - February 18th, 2014 [February 18th, 2014]
- PRESS RELEASE: Grand City Properties S.A., : successfully places EUR 150 million convertible bonds - February 18th, 2014 [February 18th, 2014]
- Snippet "Don't Tell me You did know" Ep 1 "Black History Month and the untold story - Video - February 17th, 2014 [February 17th, 2014]
- PRESS RELEASE: Grand City Properties S.A. launches a convertible bond offering - February 17th, 2014 [February 17th, 2014]
- PRESS RELEASE: Dr. Claus Vielsack appointed member of the management board of STRATEC for Product Development - February 17th, 2014 [February 17th, 2014]
- PRESS RELEASE: ENTRADE Energiesysteme AG presents plants generating energy from wood at bio-energy conference in Moscow - February 17th, 2014 [February 17th, 2014]
- PRESS RELEASE: Hoeft & Wessel exhibits ticketing solutions portfolio at IT-Trans trade fair (news with additional ... - February 17th, 2014 [February 17th, 2014]
- How To Put An Opt-In Form In Word Press - Video - February 15th, 2014 [February 15th, 2014]
- All-Star Event 2014 | Iphone 7.1 Beta 5 - Video - February 15th, 2014 [February 15th, 2014]
- video ne di lebokne word press - Video - February 15th, 2014 [February 15th, 2014]
- PRESS RELEASE: Standard & Poor's Ratings Services raised Grand City Properties S.A. rating to 'BB+' based on stronger ... - February 15th, 2014 [February 15th, 2014]
- A word is anything I say it means - February 15th, 2014 [February 15th, 2014]
- Press freedom: Why does the govt keep shooting itself in the foot? - February 15th, 2014 [February 15th, 2014]
- PRESS RELEASE: NORMA Group holds 100% of shares in Chien Jin Plastic, Malaysia - February 10th, 2014 [February 10th, 2014]
- PRESS RELEASE: Prime Office AG: Individual shareholders initiated special proceedings - February 10th, 2014 [February 10th, 2014]
- PRESS RELEASE: Mensch und Maschine Software SE discloses preliminary 2013 figures - February 10th, 2014 [February 10th, 2014]
- PRESS RELEASE: TAG Immobilien AG announces EUR 110m increase in its 2013/2018 corporate bond - February 10th, 2014 [February 10th, 2014]
- PRESS RELEASE: Epigenomics AG: Epigenomics Further Strengthens Intellectual Property Coverage for Epi proColon in the ... - February 10th, 2014 [February 10th, 2014]
- Sage Kotsenburg Stoked at Sochi - February 10th, 2014 [February 10th, 2014]