DDOS Vulnerability in WordPress and Durpal CMS

Share it:
From last couple of months popular blogging and website CMS 'WordPress' have to number of security updates. Security researcher continues  their security testing and have got another security updates for both CMS, WordPress and Durpal. So all bloggers and website owners who is running WordPress and Durpal CMS are recommend to update their CMS version immediately.

The critical vulnerability was discovered in the WordPress and Durpal implement XMLRPC, which can lead an attacker to make your site completely offline via a Denial of Service (DoS). method.

DOS Vulnerability resides
The latest vulnerability was disclosed which trigger the DOS attack and makes the site running on both CMS completely down. For this the latest version of the WordPress v3.9.2 has been release, which addresses an issue in the PHP’s XML processor that could be exploited for the Denial of service attack.

Vulnerability Details
The XML vulnerability was first reported by Nir Goldshlager, a security researcher from Salesforce.com's product security team, that impacts both the popular website platforms. The issue was later fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.

This vulnerability "XML Quadratic Blowup Attack " can cause complete CPU and memory exhaustion, which effects the site and the server and take down the whole website or server almost instantly, with the use of only a single machine.

This is been critical because both the affecting CMS of this vulnerability host millions of websites. Among this WordPress is one of the popular web CMS which is used by many of the corporate and in-corporate users also. 

Demonstration of Vulnerability
For this researcher Goldshlager has also published a video demonstration of the vulnerability (as a Proof-Of-Concepts).


What to Do Now ?
As the vulnerability affects the previous version of the WordPress (versions 3.5 to 3.9.1) and previous version of Durpal (version 6.x to 7.x), So all the users of both the CMS are recommend to update their CMS version immediately. The patched version of both the CMS has been released so you can get it from WordPress and Durpal sites.

As earlier WordPress team have announced the automatic update feature of the CMS, so WordPress users can get the update automatically, but its recommend to Durpal users  to do a manual update of its CMS.
Share it:

Durpal

Security

Vulnerability

WordPress

Post A Comment:

1 comments:

Follow by Email