Vulnerability & Exploit Database

Back to search

Drupal: CVE-2014-5266 : SA-CORE-2014-004 - Drupal core - Denial of service

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) August 18, 2014 August 02, 2017 August 02, 2017

Available Exploits 

Description

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

drupal-cve-2014-5266-1

Related Vulnerabilities