//
you're reading...
Security News

Flaw leading to denial of service found in the latest WordPress

A Polish security researcher has found a flaw in the latest version of WordPress, version 3.5.1. He reported it to WordPress, but with no response after 7 days he went public

The flaw probably won’t affect too many users. It requires a password-protected page within a self-hosted WordPress site; and almost by definition, bloggers and users of blogging software want to publicize rather than protect their pages. However, if such a page exists and an attacker can find it, he could manipulate the password process to effect denial of service. In announcing the flaw, Krzysztof Katowicz-Kowalewski included a temporary patch that can be used pending an official patch from WordPress.

Fore more informatin refer to the following link:

http://www.infosecurity-magazine.com/view/32925/flaw-leading-to-denial-of-service-found-in-the-latest-wordpress/

 

Advertisements

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: