CVE-2013-2173

Published: 21 June 2013

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.

Priority

Medium

Status

Package Release Status
wordpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.5.2+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.9.5+dfsg1-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.2+dfsg-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.8.2+dfsg-1ubuntu0.1])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needed)