CVE-2014-5266 Information

Description

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Reference

http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830
http://www.debian.org/security/2014/dsa-2999
http://www.debian.org/security/2014/dsa-3001
https://core.trac.wordpress.org/changeset/29404
https://wordpress.org/news/2014/08/wordpress-3-9-2/
https://www.drupal.org/SA-CORE-2014-004
