wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Wordpress
  • Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:3.5.1:*:*:*:*:*:*:*

No data.

References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2013-06/0052.html cve-icon cve-icon
http://codex.wordpress.org/Version_3.5.2 cve-icon cve-icon
http://openwall.com/lists/oss-security/2013/06/12/2 cve-icon cve-icon
http://wordpress.org/news/2013/06/wordpress-3-5-2/ cve-icon cve-icon
http://www.debian.org/security/2013/dsa-2718 cve-icon cve-icon
https://github.com/wpscanteam/wpscan/issues/219 cve-icon cve-icon
https://vndh.net/note:wordpress-351-denial-service cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-06-21T10:00:00

Updated: 2024-08-06T15:27:41.088Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2173

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-06-21T13:57:25.497

Modified: 2013-08-22T06:52:14.387

Link: CVE-2013-2173

cve-icon Redhat

No data.