WordPress CVE-2018-6389 – DoS

There is a DoS vulnerability in all WP installations. It is hidden in the load-scripts.php and load-styles.php files. Their purpose is to combine scripts and styles in the administration to load the admin faster.

You can ask them to combine a huge amount of files, the result will be a huge load and it may kill your webserver.

There is an unofficial patch or you can limit the size of requests for load scripts:

For Apache

For Nginx

Question is: Do you still need it in the age of HTTP/2?

Posts

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (Address never made public)

Name

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

Leave a Reply Cancel reply