WordPress XMLRPC 'system.multicall' Brute Force Amplification Vulnerability

2016年5月31日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 高

概要

WordPress sites are prone to brute force attacks by XMLRPC API using 'System.multicall' method. Attacker can brute force web application password by sending many passwords in one large HTTP request to XMLRPC API.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1007138