[wp-trac] [WordPress Trac] #20746: Accessing non-existing theme folder in Network install gives 500 error
WordPress Trac
noreply at wordpress.org
Mon Jun 27 06:01:18 UTC 2016
#20746: Accessing non-existing theme folder in Network install gives 500 error
---------------------------------------+-----------------------------
Reporter: arkimedia | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Future Release
Component: Rewrite Rules | Version: 3.3.2
Severity: normal | Resolution:
Keywords: needs-testing needs-patch | Focuses: multisite
---------------------------------------+-----------------------------
Comment (by arkimedia):
I think that this bug is a (small) security issue too, because this makes
DDOS attacks easier:
1. These requests never go to the cache
2. With random http request attacker could cause 10 internal redirects and
500 error in the server
3. Every error is logged into the error log, which also stresses the
server
--
Ticket URL: <https://core.trac.wordpress.org/ticket/20746#comment:35>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list