PHP Attack Puts WordPress and Drupal at Risk

Aug 11, 2014

All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.

The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both CMS systems means that this attack could affect thousands, or even millions of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.

Linux Administration

Keep your edge with these powerful Linux administration tools:

Turbocharge Your Network with Zeroshell
Using ARP for Network Recon
Monitor Your Network with Zabbix
An Open Source Audio Editor and Recorder
Managing Network Bandwidth with Trickle
Become a certified Linux Admin professional with the Linux Professional Institute LPIC-1 Systems Administrator certification.

News

Chromium-Based Browsers Will Ignore Google’s Ad-Blocking Ban

Brave Opera and Vivaldi will not implement Google’s changes that will cripple ad-blockers.
Zorin OS 15 Released

The new release is based on Ubuntu 18.04 LTS.
Ubuntu to Package Proprietary Nvidia Driver

Ubuntu

Canonical is making it easier for users to install proprietary Nvidia drivers.
openSUSE Leap 15.1 Released

Better hardware support.
Red Hat Enterprise Linux 8 Available

An OS redesigned for the hybrid cloud era.
Google Brings Linux to Chromebook

All new Chromebooks will be capable of running Linux.
Fedora Project Announces Fedora 30

The latest version comes with new tools and a new alignment of the various Fedora editions.
The Apache Software Foundation Completes Migration To GitHub

The foundation has decommissioned its own Git service.
Canonical Combines its Services in a Single Package

Now customers can gain access to all of its services under Ubuntu Advantage offering.
Black Hole Image Has an Open Source Connection

Community

Two imaging libraries responsible for the image are fully open source.

PHP Attack Puts WordPress and Drupal at Risk

Related content

Issue 224/2019

Buy this issue as a PDF

Linux Administration

Keep your edge with these powerful Linux administration tools:

News

Chromium-Based Browsers Will Ignore Google’s Ad-Blocking Ban

Zorin OS 15 Released

Ubuntu to Package Proprietary Nvidia Driver

openSUSE Leap 15.1 Released

Red Hat Enterprise Linux 8 Available

Google Brings Linux to Chromebook

Fedora Project Announces Fedora 30

The Apache Software Foundation Completes Migration To GitHub

Canonical Combines its Services in a Single Package

Black Hole Image Has an Open Source Connection

PHP Attack Puts WordPress and Drupal at Risk

Related content

Issue 224/2019

Buy this issue as a PDF

Linux Administration

News

Tag Cloud