I read an article about XML Quadratic Blowup Attack.
The link is http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/.
Is Drupal safe from this attack?
How to make sure?
Thanks in advance
Comments
Comment #1
checkthelog commented
Yes, this was fixed in Drupal 7.31+ and Drupal 6.33+. There are also solutions where you can just remove the xmlrpc.php file and disable the OpenID module to get by temporarily without upgrading.
Comment #2
secretsayan commented
I have OAuth modules enabled. So I need the Services module too.
Is there any other solution available where I do not need to update my Drupal core version and I am able to keep the Services module intact?
Comment #3
TomGould01 commented
You could apply the patched code (AKA Hack Core :() yourself to the public/modules/openid/openid.inc and public/includes/xmlrpc.inc files, not advisable but may work nonetheless if you really can't update to the latest version properly.
I am in the process of doing about 40 different sites and haven't had any issues with D6 or D7.
Comment #4
secretsayan commented
Thanks a lot