WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
Max Base Score
5.0
Published
2007-01-29
Updated
2018-10-16
EPSS
5.46%
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
Max Base Score
7.8
Published
2007-01-29
Updated
2018-10-16
EPSS
0.95%
2 vulnerabilities found