CVE-2014-5266
Published: 18 August 2014
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Priority
Status
Package | Release | Status |
---|---|---|
drupal6 (Launchpad, Ubuntu, Debian) | artful | Does not exist |
drupal6 | bionic | Does not exist |
drupal6 | cosmic | Does not exist |
drupal6 | disco | Does not exist |
drupal6 | focal | Does not exist |
drupal6 | jammy | Does not exist |
drupal6 | kinetic | Does not exist |
drupal6 | lucid | Ignored (end of life) |
drupal6 | lunar | Does not exist |
drupal6 | precise | Ignored (end of life) |
drupal6 | trusty | Does not exist |
drupal6 | upstream | Needs triage |
drupal6 | utopic | Does not exist |
drupal6 | vivid | Does not exist |
drupal6 | wily | Does not exist |
drupal6 | xenial | Does not exist |
drupal6 | yakkety | Does not exist |
drupal6 | zesty | Does not exist |
drupal6 | mantic | Does not exist |
drupal7 (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (7.32-1) |
drupal7 | bionic | Does not exist |
drupal7 | cosmic | Does not exist |
drupal7 | disco | Does not exist |
drupal7 | focal | Does not exist |
drupal7 | jammy | Does not exist |
drupal7 | kinetic | Does not exist |
drupal7 | lucid | Does not exist |
drupal7 | lunar | Does not exist |
drupal7 | precise | Ignored (end of life) |
drupal7 | trusty | Needed |
drupal7 | upstream | Released (7.31-1) |
drupal7 | utopic | Not vulnerable (7.32-1) |
drupal7 | vivid | Not vulnerable (7.32-1) |
drupal7 | wily | Not vulnerable (7.32-1) |
drupal7 | xenial | Not vulnerable (7.32-1) |
drupal7 | yakkety | Not vulnerable (7.32-1) |
drupal7 | zesty | Not vulnerable (7.32-1) |
drupal7 | mantic | Does not exist |
wordpress (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
wordpress | bionic | Not vulnerable (3.9.2+dfsg-1) |
wordpress | cosmic | Not vulnerable (3.9.2+dfsg-1) |
wordpress | disco | Not vulnerable (3.9.2+dfsg-1) |
wordpress | focal | Not vulnerable (3.9.2+dfsg-1) |
wordpress | jammy | Not vulnerable (3.9.2+dfsg-1) |
wordpress | kinetic | Not vulnerable (3.9.2+dfsg-1) |
wordpress | lucid | Ignored (end of life) |
wordpress | lunar | Not vulnerable (3.9.2+dfsg-1) |
wordpress | precise | Ignored (end of life) |
wordpress | trusty | Released (3.8.2+dfsg-1ubuntu0.1) |
wordpress | upstream | Released (3.9.2+dfsg-1) |
wordpress | utopic | Ignored (end of life) |
wordpress | vivid | Ignored (end of life) |
wordpress | wily | Ignored (end of life) |
wordpress | xenial | Not vulnerable (3.9.2+dfsg-1) |
wordpress | yakkety | Ignored (end of life) |
wordpress | zesty | Ignored (end of life) |
wordpress | mantic | Not vulnerable (3.9.2+dfsg-1) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266
- https://core.trac.wordpress.org/changeset/29405/branches/3.9
- https://www.drupal.org/SA-CORE-2014-004
- https://wordpress.org/news/2014/08/wordpress-3-9-2/
- https://core.trac.wordpress.org/changeset/29404
- http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830
- http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
- NVD
- Launchpad
- Debian