WordPress XMLRPC 'system.multicall' Brute Force Amplification Vulnerability
Severity: HIGH
Advisory Date: MAY 31, 2016
DESCRIPTION
WordPress sites are prone to brute force attacks by XMLRPC API using 'System.multicall' method. Attacker can brute force web application password by sending many passwords in one large HTTP request to XMLRPC API.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1007138