HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service

This signature detects attempts to exploit a known vulnerability against Drupal Core XML-RPC. The vulnerability is due to an input validation error when an XML-RPC endpoint handles Internal Entity Expansion. This can cause a very high CPU load and memory exhaustion. A successful attack can result in a denial-of-service condition.

Extended Description

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected Products

Debian debian_linux

References

CVE: CVE-2014-5265

Short Name
HTTP:DOS:DRUPAL-XML-RPC-IEE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-5265 Core Denial Drupal Endpoint Entity Expansion Internal Service XML-RPC of
Release Date
09/05/2014
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3805
False Positive
Unknown
Vendors

Drupal

Wordpress

Debian

CVSS Score

5.0

Found a potential security threat?