Dangerous Vulnerability Threatens WordPress and Drupal Websites
Marco Foronda | Aug 08, 2014 04:15 AM EDT
Bloggers and website owners who use WordPress or Drupal, two of the leading content management systems, are being asked to update their software as soon as possible.
An XML vulnerability affecting both WordPress and Drupal has been discovered by a product security team from Salesforce.com.
The vulnerability uses a well-known "XML Quadratic Blowup Attack" that could take down the entire website or server very quickly.
This is a huge problem because an enormous number of websites run on WordPress and Drupal.
The World Wide Web Consortium (W3C) said WordPress powers 23 percent of all websites on the web.
The security team found that the XML vulnerability affects WordPress versions 3.5 to 3.9 and works against the default installation.
In Drupal, it affects versions 6.x to 7.x and also works against the default installation.
The XML Quadratic Blowup Attack is similar to the Billion Laughs attack, which allows a small XML document to quickly disrupt services running on a computer.
Instead of using nested entities inside an XML document, Quadratic Blowup simply repeats a single large entity, tens of thousands of characters long, over and over.
Once expanded in memory, a kilobyte-sized XML document grows to a megabyte or even a gigabyte, making the website unusable.
When the attack succeeds, it drives RAM and CPU usage to 100 percent and renders the server unavailable. It also causes a denial of service on the MySQL database program.
As a result, both the website and its web server become inaccessible.
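A defensive pre-parse check for the expansion described above, as an added example that is not code from WordPress, Drupal or the Salesforce.com team: it estimates how large a document would become after internal entity expansion, without building the expanded string, and rejects it when the growth exceeds a limit. It goes beyond the flat repetition case to nested (Billion Laughs style) entities; the function names, the limits and the scaled-down sample document are assumptions, and the regex covers only internal general entities declared with quoted values.

```python
import re

# Internal general entity declarations: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')

def expanded_length(text, decls, cache, stack=()):
    """Length of text after entity expansion, computed without expanding."""
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        name = ref.group(1)
        if name not in decls:
            continue  # predefined (&amp;) or undeclared: size unchanged
        if name in stack:
            raise ValueError("recursive entity: " + name)
        if name not in cache:
            cache[name] = expanded_length(decls[name], decls, cache,
                                          stack + (name,))
        total += cache[name] - len(ref.group(0))
    return total

def check_xml(xml_text, max_ratio=10, max_expanded=1_000_000):
    """Return the estimated expanded size and whether it is within limits.

    max_ratio and max_expanded are illustrative limits (assumptions).
    """
    decls = {name: value for name, _, value in ENTITY_DECL.findall(xml_text)}
    subset_end = xml_text.find("]>")  # end of the DOCTYPE internal subset
    body = xml_text[subset_end + 2:] if subset_end != -1 else xml_text
    size = expanded_length(body, decls, {})
    ratio = size / max(len(xml_text), 1)
    return {"expanded": size, "ratio": ratio,
            "allowed": size <= max_expanded and ratio <= max_ratio}

# Constructed, scaled-down sample: one 200-character entity referenced 200 times.
SAMPLE = ('<?xml version="1.0"?>\n<!DOCTYPE d [<!ENTITY a "' + "x" * 200 +
          '">]>\n<d>' + "&a;" * 200 + "</d>")

if __name__ == "__main__":
    print(check_xml(SAMPLE))                    # 859 bytes in, 40008 chars out
    print(check_xml("<d>Tom &amp; Jerry</d>"))  # no growth, allowed
```

The estimate grows with the product of entity length and reference count, which is why a size limit on the incoming document alone does not catch this.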
©2015 Chinatopix All rights reserved. Do not reproduce without permission