Description

The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.

Remediation

References

CVE-2007-0539

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33937)

TwistedHTTP Request Splitting Vulnerability (CVE-2020-10109)

WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

WordPress Plugin The Events Calendar Security Bypass (3.11.2)

Severity

High

Classification

CVE-2007-0539

Tags

Missing Update Known Vulnerabilities