WordPress 3.9 and Drupal 7.x Denial Of Service Vulnerability

CVE: (none listed)
Category: CWE-400
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2014-08-11
CPE: cpe:/a:wordpress:wordpress:3.9; cpe:/a:drupal:drupal:7.x
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0
EPSSP: 0


Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2014080046

Below is a copy:

About XML Quadratic Blowup Attack:

An XML quadratic blowup attack is similar to a Billion Laughs attack (http://en.wikipedia.org/wiki/Billion_laughs). Essentially, it exploits entity expansion. Instead of relying on nested entities, it defines one large entity of a couple thousand characters and references it repeatedly.

A medium-sized XML document of approximately two hundred kilobytes may require anywhere from one hundred MB to several GB of memory. When the attack is combined with a particular level of nested expansion, an attacker is able to achieve a higher ratio of success.
- See more at: http://www.breaksec.com/?p=6362#sthash.05DoTigI.dpuf

<?xml version="1.0"?>
<!DOCTYPE DoS [
<!ENTITY x "xxxxxxxxxxxxxxxxx...">
]>
<DoS>&x;&x;&x;&x;&x;&x;&x;&x;&x;…</DoS>
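A pre-parse check for the pattern described above, added here as an example and not taken from the original advisory or from WordPress or Drupal: it computes how large a document would become after entity expansion without actually expanding it, so an oversized upload can be rejected before it reaches the XML parser. The function names, the `max_expanded` and `max_ratio` thresholds, and the sample document are assumptions made for illustration; it also goes slightly beyond the flat case in the text by handling nested entities.

```python
import re

# Internal general entity declarations: <!ENTITY name "value"> or 'value'
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.-]+);')
# DOCTYPE with optional internal subset; assumes no "]>" inside entity values
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*(\[.*?\]\s*)?>', re.S)
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}

def expanded_size(xml_text):
    """Size in characters of the document body after entity expansion,
    computed arithmetically so nothing is actually expanded in memory."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        # XML binds the first declaration of a name; later duplicates are ignored
        decls.setdefault(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
    sizes = {}  # memoised expanded size per entity

    def size_of(text, stack):
        total = len(ENTITY_REF.sub("", text))  # literal characters
        for name in ENTITY_REF.findall(text):
            if name in PREDEFINED:
                total += 1
            elif name in decls:
                if name in stack:
                    raise ValueError("recursive entity: " + name)
                if name not in sizes:
                    sizes[name] = size_of(decls[name], stack | {name})
                total += sizes[name]
        return total

    m = DOCTYPE.search(xml_text)
    body = xml_text[m.end():] if m else xml_text
    return size_of(body, frozenset())

def check_document(xml_text, max_expanded=1_000_000, max_ratio=20):
    """Return (ok, expanded_chars, ratio); both limits are illustrative assumptions."""
    expanded = expanded_size(xml_text)
    ratio = expanded / max(len(xml_text), 1)
    return expanded <= max_expanded and ratio <= max_ratio, expanded, ratio

# Constructed sample in the shape shown above: one 2000-character entity, 500 references
SAMPLE = ('<?xml version="1.0"?>\n<!DOCTYPE DoS [\n<!ENTITY x "' + "x" * 2000 +
          '">\n]>\n<DoS>' + "&x;" * 500 + '</DoS>')

if __name__ == "__main__":
    print(check_document(SAMPLE))
```

The check is a size estimate, not a parser: external (SYSTEM) and parameter entities are not counted and need to be disabled in the parser itself.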
