WordPress/Drupal Security Flaw
There are approximately 60 million WordPress sites and over 1 million Drupal sites on the Internet today. In fact, many of Cool Blue's clients and projects use these two web platforms. Recently, a vulnerability was discovered that allows an XML Quadratic Blowup Attack, which can take down an entire website or server. The security flaw affects WordPress versions 3.5 to 3.9 and Drupal versions 6.x to 7.x. This attack is similar to the Billion Laughs attack, but instead of using nested entities it defines a single entity, possibly consisting of tens of thousands of characters, and references it over and over again until the expanded document has taken up enough memory to shut down the entire site or server. This means an offender has the power to bring down a server by submitting a few hundred HTTP requests from a single device. Fortunately, a patch has been released to protect the applications. All users and hosts need to do is update their WordPress or Drupal software to the latest versions, which are protected against this vulnerability.
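To make the memory amplification concrete from the defender's side, here is an added example (not code from WordPress, Drupal or Cool Blue) that estimates how large an XML document would become after entity expansion, without expanding anything, and rejects it above a limit. It also covers the nested Billion Laughs form; the function names, the constructed sample and the 50,000-character limit are assumptions chosen for illustration.

```python
import re

# Pre-parse heuristic, not an XML parser: internal general entities only.
ENTITY_DECL = re.compile(r"""<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&([\w.:-]+);")

def entity_length(name, decls, cache, stack):
    """Expanded length of one entity, memoized so nested entities stay cheap."""
    if name in stack:
        raise ValueError("recursive entity: " + name)
    if name not in cache:
        cache[name] = text_length(decls[name], decls, cache, stack + (name,))
    return cache[name]

def text_length(text, decls, cache, stack=()):
    """Length of text after replacing each declared &name; by its expansion."""
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        if ref.group(1) in decls:
            total += entity_length(ref.group(1), decls, cache, stack) - len(ref.group(0))
    return total

def check_xml(xml_text, max_expanded=50_000):  # limit is an assumed policy value
    """Return (expanded_length, allowed) without ever expanding an entity."""
    decls, subset_end = {}, 0
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # first declaration wins in XML
        subset_end = m.end()
    close = xml_text.find("]>", subset_end) if decls else -1
    body = xml_text[close + 2:] if close != -1 else xml_text
    try:
        size = text_length(body, decls, {})
    except (ValueError, RecursionError):
        return None, False  # self-referencing or absurdly deep entities: reject
    return size, size <= max_expanded

def build_sample(entity_len=500, refs=200):
    """Constructed, scaled-down input: one long entity referenced many times."""
    return ('<?xml version="1.0"?><!DOCTYPE d [<!ENTITY a "%s">]><d>%s</d>'
            % ("x" * entity_len, "&a;" * refs))

if __name__ == "__main__":
    print(len(build_sample()), check_xml(build_sample()))  # small input, large expansion
    print(check_xml("<methodCall><a>1 &amp; 2</a></methodCall>"))
```

Because the expansion grows with the entity length multiplied by the number of references, a request of about a kilobyte here already expands to roughly a hundred times its size, which is why the size of the incoming request alone is not a useful filter.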
For Cool Blue clients with active support agreements, we have taken measures to proactively mitigate this vulnerability on your site. As a quick and immediate fix, we have added a rule to .htaccess to prevent access to xmlrpc.php. The .htaccess block keeps sites protected until modules and current versions can be updated. Clients without current support agreements, please contact us so that we may discuss and assist you with this vulnerability.
Source: http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/