Description

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.

Remediation

References

CVE-2009-3622

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.36)

WordPress Plugin Htaccess by BestWebSoft Cross-Site Request Forgery (1.8.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3715)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)

Java Unspesificed Vulnerability (CVE-2020-14798)

Severity

Medium

Classification

CVE-2009-3622

Tags

Missing Update Known Vulnerabilities