|Description||WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|wordpress (PTS)||wheezy (security), wheezy||3.6.1+dfsg-1~deb7u10||fixed|
|jessie (security), jessie||4.1+dfsg-1+deb8u8||fixed|
The information below is based on the following data on fixed versions.