wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-236-1 | wordpress security update |
![]() |
DSA-3085-1 | wordpress security update |
![]() |
EUVD-2014-8866 | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T13:33:13.352Z
Reserved: 2014-11-20T00:00:00
Link: CVE-2014-9038

No data.

Status : Deferred
Published: 2014-11-25T23:59:09.287
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-9038

No data.

No data.