UBUNTU-CVE-2014-5266

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2014-5266

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-5266.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-5266

Related

CVE-2014-5266

Published

2014-08-18T11:15:00Z

Modified

2024-12-18T16:38:04Z

Summary

[none]

Details

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

References

Affected packages

Ubuntu:14.04:LTS / wordpress

Package

Name: wordpress
Purl: pkg:deb/ubuntu/wordpress?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.2+dfsg-1ubuntu0.1

Affected versions

3.*

3.6.1+dfsg-1

3.7.1+dfsg-1

3.8.1+dfsg-1

3.8.1+dfsg1-2

3.8.2+dfsg-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.8.2+dfsg-1ubuntu0.1",
            "binary_name": "wordpress"
        },
        {
            "binary_version": "3.8.2+dfsg-1ubuntu0.1",
            "binary_name": "wordpress-l10n"
        },
        {
            "binary_version": "3.8.2+dfsg-1ubuntu0.1",
            "binary_name": "wordpress-theme-twentyfourteen"
        },
        {
            "binary_version": "3.8.2+dfsg-1ubuntu0.1",
            "binary_name": "wordpress-theme-twentythirteen"
        },
        {
            "binary_version": "3.8.2+dfsg-1ubuntu0.1",
            "binary_name": "wordpress-theme-twentytwelve"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / drupal7

Package

Name: drupal7
Purl: pkg:deb/ubuntu/drupal7?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.23-1

7.24-1

7.24-2

7.26-1

7.26-1ubuntu0.1

7.26-1ubuntu0.1+esm1

7.26-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}