HTTP: Wordpress CVE-2015-0235 glibc Hostname RCE
This signature detects an attempt to exploit a known vulnerability in WordPress while passing the hostname value as an argument to "GetHOSTbyname" function which is being implemented in glibc library. Successful exploitation could allow an attacker to craft a malicious arbitrary string and could lead to further attacks.
Extended Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Affected Products
Php php
Short Name
HTTP:PHP:GHOST-GLIBC-WP
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2015-0235 Hostname RCE Wordpress glibc
Release Date
02/02/2015
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3831
False Positive
Unknown
Vendors
Oracle
Debian
Gnu
Redhat
Ibm
Apple
Php
CVSS Score
10.0