CVE-2018-6389

EUVD-2018-18146
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
wordpresswordpress
𝑥
≤ 4.9.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
artful
ignored
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
needed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103060
http://www.securitytracker.com/id/1040347
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://github.com/UltimateHackers/Shiva
https://github.com/WazeHell/CVE-2018-6389
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
https://wpvulndb.com/vulnerabilities/9021
https://www.exploit-db.com/exploits/43968/
http://www.securityfocus.com/bid/103060
http://www.securitytracker.com/id/1040347
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://github.com/UltimateHackers/Shiva
https://github.com/WazeHell/CVE-2018-6389
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
https://wpvulndb.com/vulnerabilities/9021
https://www.exploit-db.com/exploits/43968/