HTTP: WordPress load-scripts.php Denial Of Service

This signature detects attempt to exploit denial of service vulnerability which is present in WordPress. A remote attacker could exploit this vulnerability by sending crafted requests to a vulnerable server. Successful exploitation would exhaust the resources of the target server, possibly resulting in denial-of-service conditions.

Extended Description

In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

Affected Products

Wordpress wordpress

References

CVE: CVE-2018-6389

URL: https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-dos-of-https-research-adobe-com-via-cve-2018-6389-exploitation-shirshak/ http://twitter.com/RedPacketSec/status/1580604990892040193

Short Name

HTTP:WORDPRESS-LS-DOS

Severity

Major

Recommended

True

Recommended Action

Drop

HTTP: WordPress load-scripts.php Denial Of Service

Extended Description

Affected Products

References

Found a potential security threat?