GHOST vulnerability scanner
About this tool
The GHOST vulnerability scanner attempts to find servers vulnerable to CVE-2015-0235, also known as the GHOST vulnerability in Glibc <= 2.18. The bug can be detected remotely via Wordpress - which is used to trigger the vulnerability via the XML-RPC interface.
The vulnerability was categorised as highly critical because it could lead to remote code execution on the affected server. A public exploit exists for this vulnerability, however, it targets the Exim mail server. Exploitation for other platforms is considered difficult.
- Wordpress site: This is the URL of the Wordpress installation which will be used to trigger and verify the bug.
How it works
The scanner sends a pingback request to the XML-RPC interface of Wordpress (xmlrpc.php) using a long hostname parameter. If the server is vulnerable, it will respond with a 500 error code or with an abrupt connection close.
The normal functionality of the server is not affected by this scan.