Main
Vulnerability Database
Exploits
ID:1858 - Exploit for Resource exhaustion in Drupal - CVE-2014-5265
ID:1858 - Exploit for Resource exhaustion in Drupal - CVE-2014-5265
Published: March 18, 2020
Vulnerability identifier: #VU446
Vulnerability risk: Low
CVE-ID: CVE-2014-5265
CWE-ID: CWE-400
Exploitation vector: Remote access
Vulnerable software:
Drupal
Drupal
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by vulnerability of PHP XML parser used by XML-RPC endpoint (xmlrpc.php) to attacks connected with XML payload. The attackers can cause CPU and memory exhaustion, open the maximum number of connection in the site's database that can result in denial of service.
Successful exploitation of this vulnerability may lead to denial of service on the vulnerable system.
The weakness is caused by vulnerability of PHP XML parser used by XML-RPC endpoint (xmlrpc.php) to attacks connected with XML payload. The attackers can cause CPU and memory exhaustion, open the maximum number of connection in the site's database that can result in denial of service.
Successful exploitation of this vulnerability may lead to denial of service on the vulnerable system.
Remediation
Update 6.x to 6.33.
https://www.drupal.org/drupal-6.33-release-notes
Update 7.x to 7.31.
https://www.drupal.org/drupal-7.31-release-notes
https://www.drupal.org/drupal-6.33-release-notes
Update 7.x to 7.31.
https://www.drupal.org/drupal-7.31-release-notes