CVE-2014-5266 — MEDIUM (5.0)

Q: How severe is CVE-2014-5266?

CVE-2014-5266 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-5266?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Drupal Drupal, Debian Debian Linux.

Vulnerability Description

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Wordpress	Wordpress	<= 3.9.1
Drupal	Drupal	6.0
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2014-5266?

CVE-2014-5266 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attac...

How severe is CVE-2014-5266?

CVE-2014-5266 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5266?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Drupal Drupal, Debian Debian Linux.