CVE-2014-5266 Information
Share on:
Feb 14, 2021
cve
Description
The Incutio XML-RPC (IXR) Library as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31 does not limit the number of elements in an XML document which allows remote attackers to cause a denial of service (CPU consumption) via a large document a different vulnerability than CVE-2014-5265.
Reference
http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830 http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830 http://www.debian.org/security/2014/dsa-2999 http://www.debian.org/security/2014/dsa-3001 https://core.trac.wordpress.org/changeset/29404 https://wordpress.org/news/2014/08/wordpress-3-9-2/ https://www.drupal.org/SA-CORE-2014-004