PHP Attack Puts WordPress and Drupal at Risk

Aug 12, 2014

All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.

The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both CMS systems means that this attack could affect thousands, or even millions of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.  

Related content

comments powered by Disqus

Issue 171/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

Tag Cloud

Administration Community Events Hardware Linux Linux New Media Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source