Cyber Security News (6th February 2018)

  1. Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

Israeli security researcher Barak Tawily has discovered another vulnerability in WordPress. According to the latest report, a simple yet serious application-level denial of service (DoS) vulnerability has been found in the WordPress CMS platform that could allow anyone to take down most WordPress websites. The vulnerability resides in the way “load-scripts.php,” a built-in script in the WordPress CMS, processes user-defined requests. The load-scripts.php file was designed only for admin users, to help a website improve performance and load pages faster by combining (on the server end) multiple JavaScript files into a single request. According to the researcher, one can simply force load-scripts.php to call all possible JavaScript files (i.e., 181 scripts) in one go by passing their names in the request URL, making the targeted website slightly slow by consuming high CPU and server memory. The vulnerability remains unpatched and affects almost all versions of WordPress released in the last nine years.

Cyber Security Tips: To protect against such attacks, you are recommended to filter requests, use IP blacklisting, use an IDS/IPS to detect malicious requests, and keep an eye on WordPress for a patch for this vulnerability.
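One way to act on the filtering and detection advice above is to scan the web server's access log for load-scripts.php requests that ask for an unusually large number of scripts or arrive at a high rate from one address. This is an added example, not code from the original post or from WordPress; the `/wp-admin/load-scripts.php` path and `load[]` query parameter are how WordPress exposes the script, while the thresholds, log lines and `handle-N` names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Client address and request target from a combined-format access log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def handle_count(target):
    """Distinct script handles requested from load-scripts.php, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/load-scripts.php"):
        return None
    handles = set()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # WordPress accepts `load` as a string or as an array (load[], load[0]).
        if key == "load" or key.startswith("load["):
            handles.update(h for h in value.split(",") if h)
    return len(handles)

def scan(lines, max_handles=30, max_hits=3):
    """Return {ip: sorted reasons}; both thresholds are assumed values to tune."""
    hits, findings = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        n = handle_count(target)
        if n is None:
            continue
        hits[ip] += 1
        if n > max_handles:
            findings.setdefault(ip, set()).add("bulk-handles")
        if hits[ip] > max_hits:
            findings.setdefault(ip, set()).add("high-rate")
    return {ip: sorted(r) for ip, r in findings.items()}

def _line(ip, query):
    # Builds one constructed log line; not real traffic.
    return (f'{ip} - - [06/Feb/2018:10:00:00 +0000] '
            f'"GET /wp-admin/load-scripts.php?{query} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: one ordinary admin request, five bulk requests, one unrelated hit.
BULK = "c=1&load%5B%5D=" + ",".join(f"handle-{i}" for i in range(181))
SAMPLE = ([_line("203.0.113.7", "c=1&load%5B%5D=jquery-core,jquery-migrate")]
          + [_line("198.51.100.9", BULK)] * 5
          + ['192.0.2.4 - - [06/Feb/2018:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 99 "-" "-"'])

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE).items():
        print(ip, ", ".join(reasons))
```

The same two conditions (handle count per request and request rate per client) can be expressed as a WAF or IDS/IPS rule; addresses the scan reports are candidates for the blacklisting the tip mentions.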
