CVE-2013-2173 — Wordpress vulnerability

CWE-3107 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.7%

top 17.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJun 21

Latest updateMay 17

Description

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.5.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.5.2+dfsg-1+3

▶NVDwordpress/wordpress3.5.1

🔴Vulnerability Details

GHSA

GHSA-493m-xch4-834v: wp-includes/class-phpass↗2022-05-17

▶

OSV

CVE-2013-2173: wp-includes/class-phpass↗2013-06-21

▶

📋Vendor Advisories

Debian

CVE-2013-2173: wordpress - wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post ...↗2013

▶

💬Community

Bugzilla

CVE-2013-2173 wordpress: DoS when computing user-input hash for certain password protected blogs↗2013-06-11

▶

Bugzilla

CVE-2013-2173 wordpress: DoS when computing user-input hash for certain password protected blogs [epel-all]↗2013-06-11

▶

Bugzilla

CVE-2013-2173 wordpress: DoS when computing user-input hash for certain password protected blogs [fedora-all]↗2013-06-11

▶