WordPress/Drupal Security Flaw

There are approximately 60 million WordPress sites and over 1 million Drupal sites on the Internet today, and many of Cool Blue's clients and projects use these two platforms. A recently discovered vulnerability allows an XML Quadratic Blowup Attack that can take down an entire website or server. The flaw affects WordPress versions 3.5 to 3.9 and Drupal versions 6.x to 7.x. The attack is similar to the Billion Laughs attack, but instead of nesting entities it defines a single entity, possibly consisting of tens of thousands of characters, and references it over and over until the expanded document has consumed enough memory to shut down the site or server. As a result, an attacker can bring down a server by submitting a few hundred HTTP requests from a single device. Fortunately, a patch has been released. Users and hosts simply need to update their WordPress or Drupal software to the latest versions, which are protected against this vulnerability.
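The size arithmetic behind the attack can be checked before a request body ever reaches an XML parser. The following is an added example, not code from WordPress, Drupal or Cool Blue: a Python pre-filter that estimates the expanded size of a document from its entity declarations and reference counts without expanding anything, and that also covers the nested (Billion Laughs) case. The function names and the 10,000-character limit are assumptions chosen for illustration.

```python
import re

# Internal general entities only: <!ENTITY name "value"> (parameter/external forms are skipped).
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.\-]+);')  # does not match character references such as &#65;

def _entity_len(name, decls, cache, active):
    """Expanded length of one entity, following nested references with memoisation."""
    if name in cache:
        return cache[name]
    if name in active:
        raise ValueError(f"entity {name!r} refers to itself")
    active.add(name)
    size = len(decls[name])
    for ref in ENTITY_REF.findall(decls[name]):
        if ref in decls:
            size += _entity_len(ref, decls, cache, active) - (len(ref) + 2)
    active.discard(name)
    cache[name] = size
    return size

def estimate_expanded_size(xml_text):
    """Estimate the character count after entity expansion, without expanding anything."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        # The first declaration of a name is the binding one in XML.
        decls.setdefault(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
    # Approximation: the body is whatever follows the end of the internal DTD subset.
    body = xml_text.split("]>", 1)[-1]
    cache, size = {}, len(body)
    for ref in ENTITY_REF.findall(body):
        if ref in decls:
            size += _entity_len(ref, decls, cache, set()) - (len(ref) + 2)
    return size

def should_reject(xml_text, max_expanded=10_000):
    """True when the request body should be refused before it reaches an XML parser."""
    try:
        return estimate_expanded_size(xml_text) > max_expanded
    except ValueError:
        return True

# Constructed samples (not captured traffic): one 1,000-character entity referenced 50 times,
# and an ordinary XML-RPC call with no DTD.
SAMPLE_BLOWUP = ('<?xml version="1.0"?><!DOCTYPE d [<!ENTITY x "' + "A" * 1000 + '">]>'
                 "<d>" + "&x;" * 50 + "</d>")
SAMPLE_BENIGN = '<?xml version="1.0"?><methodCall><methodName>demo.sayHello</methodName></methodCall>'

if __name__ == "__main__":
    for label, doc in (("blowup", SAMPLE_BLOWUP), ("benign", SAMPLE_BENIGN)):
        print(label, len(doc), estimate_expanded_size(doc), should_reject(doc))
```

The constructed sample is about 1.2 KB on the wire but expands to roughly 50,000 characters, which is why request-size limits alone do not catch this class of input.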

For Cool Blue clients with active support agreements, we have taken measures for your site to proactively alleviate this vulnerability. As a quick and immediate fix, we have added a rule to .htaccess to prevent access to xmlrpc.php. The .htaccess block keeps sites protected until modules and current versions can be updated. Clients without current support agreements, please contact us so that we may discuss and assist you with this vulnerability.

Source: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
