Context Navigation

← Previous Ticket
Next Ticket →

#44943 closed defect (bug) (duplicate)

Using component with Known Vulnerability - Unpatched WordPress leading to DoS

Reported by:	frontdoorpentest	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:
Component:	Script Loader	Keywords:
Focuses:		Cc:

Description

I would like to report a vulnerability that is categorized under "A9:2017-Using Components with Known Vulnerabilities" and can lead to denial of service.
Please read the report , before marking as not valid because of DoS ( Note:- there has been no attempt made to DoS the freshbooks web application )

Vulnerability:- https://wordpress.org/ uses word press as a backend engine to run its web application and using CVE-2018-6389 an anonymous user can cause Denial of service. In this vulnerability an attacker will pass all the possible javascript library and the application tries to load all the functions and send it back in response. Passing a large list of js functions can consume lot processing to responed back and if done from various location/ips/browser tabs can lead to DoS. This attack can lead to generate upto 3mb size response per request.

Url :- https://wordpress.org/wp-admin/load-scripts.php?load=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer

Possible fixes:-