WordPress XMLRPC 'system.multicall' Brute Force Amplification Vulnerability
Severity: : High
Advisory Date: 31 de мая de 2016
DESCRIPTION
WordPress sites are prone to brute force attacks by XMLRPC API using 'System.multicall' method. Attacker can brute force web application password by sending many passwords in one large HTTP request to XMLRPC API.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1007138