// For flags

CVE-2014-9034

WordPress Core < 4.0.1 - Denial of Service via Long Password

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.

wp-includes/class-phpass.php en WordPress anterior a 3.7.5, 3.8.x anterior a 3.8.5, 3.9.x anterior a 3.9.3, y 4.x anterior a 4.0.1 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de una contraseña larga que no se maneja debidamente durante la creación de hashes, un problema similar a CVE-2014-9016.

A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

*Credits: Javier Nieto Arevalo,Andres Rojas Guerrero
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-20 CVE Reserved
  • 2014-11-20 CVE Published
  • 2014-12-01 First Exploit
  • 2024-08-06 CVE Updated
  • 2024-08-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-19: Data Processing Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 <= 3.7.4
Search vendor "Wordpress" for product "Wordpress" and version " <= 3.7.4"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.8
Search vendor "Wordpress" for product "Wordpress" and version "3.8"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.8.1
Search vendor "Wordpress" for product "Wordpress" and version "3.8.1"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.8.2
Search vendor "Wordpress" for product "Wordpress" and version "3.8.2"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.8.3
Search vendor "Wordpress" for product "Wordpress" and version "3.8.3"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.8.4
Search vendor "Wordpress" for product "Wordpress" and version "3.8.4"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.9
Search vendor "Wordpress" for product "Wordpress" and version "3.9"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.9.1
Search vendor "Wordpress" for product "Wordpress" and version "3.9.1"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 3.9.2
Search vendor "Wordpress" for product "Wordpress" and version "3.9.2"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 4.0
Search vendor "Wordpress" for product "Wordpress" and version "4.0"
-
Affected