Description
WordPress is prone to a vulnerability which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the 'wp-trackback.php' script letting users pass multiple source character encodings to the "mb_convert_encoding()" function, which can be used to cause a high CPU load, potentially resulting in a DoS, thus denying service to legitimate users. WordPress versions prior to 2.8.5 are vulnerable.
Remediation
Update to WordPress version 2.8.5 or latest
References
http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/
http://wordpress.org/news/2009/10/wordpress-2-8-5-hardening-release/
Related Vulnerabilities
WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)
WordPress Plugin Form Builder CP Unspecified Vulnerability (1.2.15)
WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2)
WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.5.1)