Candidate: CVE-2009-3622
PublicDate: 2009-10-23 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3622
Description:
 Algorithmic complexity vulnerability in wp-trackback.php in WordPress
 before 2.8.5 allows remote attackers to cause a denial of service (CPU
 consumption and server hang) via a long title parameter in conjunction with
 a charset parameter composed of many comma-separated "UTF-8" substrings,
 related to the mb_convert_encoding function in PHP.
Ubuntu-Description:
Notes:
 ari-tczew> Exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps
 jdstrand> fixed in 2.5.1-11+lenny3
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (2.8.5)
dapper_wordpress: ignored (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: ignored (reached end-of-life)
karmic_wordpress: ignored (reached end-of-life)
lucid_wordpress: not-affected (2.8.6-1ubuntu1)
maverick_wordpress: not-affected (2.8.6-1ubuntu1)
natty_wordpress: not-affected (2.8.6-1ubuntu1)
oneiric_wordpress: not-affected (2.8.6-1ubuntu1)
devel_wordpress: not-affected (2.8.6-1ubuntu1)