Published: 25/11/2014 Updated: 04/04/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

wp-includes/class-phpass.php in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 allows remote malicious users to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 3.9.2
wordpress wordpress 4.0
wordpress wordpress
wordpress wordpress 3.8
wordpress wordpress 3.8.1
wordpress wordpress 3.8.2
wordpress wordpress 3.8.3
wordpress wordpress 3.9
wordpress wordpress 3.8.4
wordpress wordpress 3.9.1

Debian Bug report logs - #783347 wordpress: New critical security release available: 412 (CVE-2015-3438 CVE-2015-3439) Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Christer Mjellem Strand <dilldall@bjorkorg> ...

Debian Bug report logs - #770425 wordpress: CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 (issues fixed in 401 security release) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bona ...

Debian Bug report logs - #783554 wordpress: New critical security release available: 421 (CVE-2015-3440) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Mon, 27 Apr 2015 22:24:02 UTC Severity: important Tags: security Found ...

<?php echo "\nCVE-2014-9034 | WordPress <= v40 Denial of Service Vulnerability\n"; echo "Proof-of-Concept developed by john@securelicom (securelicom)\n\n"; echo "usage: php wordpressedphp domaincom username numberOfThreads\n"; echo " eg: php wordpressedphp wordpressorg admin 50\n\n"; echo "Sending POST data (username: " $a ...

==================================================================== DESCRIPTION: ==================================================================== A vulnerability present in Wordpress < 401 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion This may lead to the site becoming unavailable or unrespo ...

A vulnerability present in Drupal versions prior to 734 and WordPress versions prior to 401 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion This may lead to the site becoming unavailable or unresponsive (denial of service) ...

WordPress versions 40 and below suffer from a denial of service vulnerability ...

Python scripts to exploit CVE-2014-9016 and CVE-2014-9034

wp_drupal_timing_attack Python scripts to exploit CVE-2014-9016 and CVE-2014-9034 For legal purposes only

CWE-19 http://core.trac.wordpress.org/changeset/30467 https://wordpress.org/news/2014/11/wordpress-4-0-1/http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://advisories.mageia.org/MGASA-2014-0493.html http://www.securitytracker.com/id/1031243 https://nvd.nist.gov https://github.com/c0r3dump3d/wp_drupal_timing_attack https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347 https://www.exploit-db.com/exploits/35413/

CVE-2014-9034

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect