Short Name | HTTP:DOS:DRUPAL-XMLRPC-TAGS
Severity | Major
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Drupal Core XML-RPC Endpoint Tags Denial of Service
Release Date | 2014/09/18
Update Number | 2420
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Drupal Core XML-RPC Endpoint Tags Denial of Service
This signature detects attempts to exploit a known vulnerability in the Drupal Core XML-RPC endpoint. A successful attack can result in a denial-of-service condition. The vulnerability is due to an input validation error when the XML-RPC endpoint handles an unreasonably large number of tags, which can cause very high CPU load and memory exhaustion.
Extended Description
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Affected Products
- Debian debian_linux 7.0
- Drupal drupal 6.0
- Drupal drupal 6.1
- Drupal drupal 6.10
- Drupal drupal 6.11
- Drupal drupal 6.12
- Drupal drupal 6.13
- Drupal drupal 6.14
- Drupal drupal 6.15
- Drupal drupal 6.16
- Drupal drupal 6.17
- Drupal drupal 6.18
- Drupal drupal 6.19
- Drupal drupal 6.2
- Drupal drupal 6.20
- Drupal drupal 6.21
- Drupal drupal 6.22
- Drupal drupal 6.23
- Drupal drupal 6.24
- Drupal drupal 6.25
- Drupal drupal 6.26
- Drupal drupal 6.27
- Drupal drupal 6.28
- Drupal drupal 6.29
- Drupal drupal 6.3
- Drupal drupal 6.30
- Drupal drupal 6.31
- Drupal drupal 6.32
- Drupal drupal 6.4
- Drupal drupal 6.5
- Drupal drupal 6.6
- Drupal drupal 6.7
- Drupal drupal 6.8
- Drupal drupal 6.9
- Drupal drupal 7.0
- Drupal drupal 7.1
- Drupal drupal 7.10
- Drupal drupal 7.11
- Drupal drupal 7.12
- Drupal drupal 7.13
- Drupal drupal 7.14
- Drupal drupal 7.15
- Drupal drupal 7.16
- Drupal drupal 7.17
- Drupal drupal 7.18
- Drupal drupal 7.19
- Drupal drupal 7.2
- Drupal drupal 7.20
- Drupal drupal 7.21
- Drupal drupal 7.22
- Drupal drupal 7.23
- Drupal drupal 7.24
- Drupal drupal 7.25
- Drupal drupal 7.26
- Drupal drupal 7.27
- Drupal drupal 7.28
- Drupal drupal 7.29
- Drupal drupal 7.3
- Drupal drupal 7.30
- Drupal drupal 7.4
- Drupal drupal 7.5
- Drupal drupal 7.6
- Drupal drupal 7.7
- Drupal drupal 7.8
- Drupal drupal 7.9
- Drupal drupal 7.x-dev
- Wordpress wordpress 3.0
- Wordpress wordpress 3.0.1
- Wordpress wordpress 3.0.2
- Wordpress wordpress 3.0.3
- Wordpress wordpress 3.0.4
- Wordpress wordpress 3.0.5
- Wordpress wordpress 3.0.6
- Wordpress wordpress 3.1
- Wordpress wordpress 3.1.1
- Wordpress wordpress 3.1.2
- Wordpress wordpress 3.1.3
- Wordpress wordpress 3.1.4
- Wordpress wordpress 3.2
- Wordpress wordpress 3.2.1
- Wordpress wordpress 3.3
- Wordpress wordpress 3.3.1
- Wordpress wordpress 3.3.2
- Wordpress wordpress 3.3.3
- Wordpress wordpress 3.4.0
- Wordpress wordpress 3.4.1
- Wordpress wordpress 3.4.2
- Wordpress wordpress 3.5.0
- Wordpress wordpress 3.5.1
- Wordpress wordpress 3.6
- Wordpress wordpress 3.6.1
- Wordpress wordpress 3.7
- Wordpress wordpress 3.7.1
- Wordpress wordpress 3.8
- Wordpress wordpress 3.8.1
- Wordpress wordpress 3.9.0
- Wordpress wordpress 3.9.1