WordPress CVE-2018-6389 – DoS

There is a DoS vulnerability in all WP installations. It lives in the load-scripts.php and load-styles.php files, whose purpose is to combine scripts and styles in the administration area so that the admin loads faster.

You can ask them to combine a huge number of files in a single request; the result is a huge load that may kill your web server.

There is an unofficial patch or you can limit the size of requests for load scripts:

For Apache

For Nginx

The question is: do you still need it in the age of HTTP/2?
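To see whether a site is receiving the oversized combine requests described above, the following added example (not from the original post or from WordPress) scans web server access logs for load-scripts.php and load-styles.php requests that name an unusually large number of files. The threshold of 60 names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed threshold (not from the post): tune it to what your admin pages request.
MAX_HANDLES = 60
ENDPOINTS = ("/wp-admin/load-scripts.php", "/wp-admin/load-styles.php")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+')

def count_handles(target):
    """Number of file names a loader request asks for; None for other URLs."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINTS):
        return None
    names = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Names arrive comma-separated in load=... or load[]=... parameters.
        if key == "load" or key.startswith("load["):
            names.extend(n for n in value.split(",") if n)
    return len(names)

def flag_requests(lines, max_handles=MAX_HANDLES):
    """Return (client_ip, path, name_count) for each oversized loader request."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target = m.groups()
        n = count_handles(target)
        if n is not None and n > max_handles:
            flagged.append((ip, urlsplit(target).path, n))
    return flagged

def summarize(flagged):
    """Count oversized requests per client, to spot repeat senders."""
    return Counter(ip for ip, _path, _n in flagged)

# Constructed sample log (documentation IP ranges, made-up handle names).
_big = ",".join(f"handle{i}" for i in range(180))
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2018:10:00:01 +0000] "GET /wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,utils HTTP/1.1" 200 41234',
    f'198.51.100.7 - - [05/Feb/2018:10:00:02 +0000] "GET /wp-admin/load-scripts.php?c=1&load%5B%5D={_big} HTTP/1.1" 200 3981220',
    f'198.51.100.7 - - [05/Feb/2018:10:00:03 +0000] "GET /wp-admin/load-styles.php?c=1&load%5B%5D={_big} HTTP/1.1" 200 512000',
    '192.0.2.10 - - [05/Feb/2018:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG), dict(summarize(flag_requests(SAMPLE_LOG))))
```

Clients that show up repeatedly in the summary are the ones to rate-limit or block at the web server.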
