| Rule General Information | |
|---|---|
| Release Date: | 2014-11-20 |
| Rule Name: | Drupal Core XML-RPC Endpoint Xmlrpc.php Tags Denial of Service Vulnerability -1 (CVE-2014-5266) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document. |
| Impact: | Successful exploitation allows an attacker to cause a denial of service. |
| Affected OS: | Mac OS, Solaris, Other Unix, FreeBSD, Linux |
| Reference: | http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830 http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830 http://www.debian.org/security/2014/dsa-2999 |

| Solutions |
|---|
| Further advisories have been published on the vendor's website; visit it for more suggestions: https://www.drupal.org/SA-CORE-2014-004 |