Several hours ago, security researcher Nir Goldshlager revealed a new critical vulnerability that allows attackers to launch a very effective Denial of Service attack, through a process that circumvents existing security measures.

The exploit in question is a variant of an XML-RPC Entity Expansion (XEE) method, best described as a more effective version of the “Billion Laughs” attack.

The vulnerability exists in all WordPress and Drupal versions, affecting over 250 million websites, roughly 23% of the Internet website population today.

Fixing the Vulnerability

Incapsula’s security team issued an emergency patch, which was deployed across the entire Incapsula network, preventing this vulnerability from affecting any of our WAF-protected clients.

The patch leverages Incapsula’s ability to parse incoming XML messages and implement security logic based on their individual content.
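
To illustrate content-based inspection of this kind, here is an added example (not Incapsula's patch and not WordPress or Drupal code) that estimates how large an XML-RPC body would become after entity expansion and decides before any XML parser sees it. The byte budget, the nesting limit, the "no DTD in XML-RPC" policy and the sample bodies are assumptions of this example.

```python
import re

MAX_EXPANDED_BYTES = 1_000_000  # assumed budget for this example
MAX_NESTING = 32                # assumed limit on entities nested in entities

ENTITY_DECL = re.compile(rb"<!ENTITY\s+([\w.\-]+)\s+(?:\"([^\"]*)\"|'([^']*)')\s*>")
ENTITY_REF = re.compile(rb"&([\w.\-]+);")

# Constructed sample bodies (not captured traffic).
PLAIN = b"<?xml version='1.0'?><methodCall><methodName>demo.ping</methodName></methodCall>"
WITH_ENTITY = (b"<?xml version='1.0'?><!DOCTYPE r [<!ENTITY x \"0123456789\">]>"
               b"<methodCall><methodName>&x;&x;&x;</methodName></methodCall>")


def estimate_expanded_size(body, cap=MAX_EXPANDED_BYTES):
    """Estimate document size after entity expansion, without expanding anything.

    Returns cap + 1 once the budget is exceeded or nesting is too deep.
    """
    entities = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in ENTITY_DECL.finditer(body)}
    memo = {}

    def text_size(text, depth):
        total = len(text)
        for ref in ENTITY_REF.finditer(text):
            if ref.group(1) in entities:
                total += entity_size(ref.group(1), depth + 1) - len(ref.group(0))
                if total > cap:
                    return cap + 1
        return total

    def entity_size(name, depth):
        if depth > MAX_NESTING:      # also stops self-referencing declarations
            return cap + 1
        if name not in memo:         # each declaration is measured once
            memo[name] = text_size(entities[name], depth)
        return memo[name]

    return text_size(body.split(b"]>", 1)[-1], 0)  # count references after the DTD


def inspect_xmlrpc_body(body, cap=MAX_EXPANDED_BYTES):
    """Return (allowed, reason) for a raw XML-RPC POST body, before it is parsed."""
    if estimate_expanded_size(body, cap) > cap:
        return False, "entity expansion exceeds budget"
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False, "DTD not expected in XML-RPC"  # policy assumption of this example
    return True, "ok"
```

Because every declaration is measured once and the sizes are only added up, the check runs in time proportional to the request size, however large the expanded document would be.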

All other WordPress and Drupal website operators are advised to apply the latest security updates, released today by both teams, who joined forces in creating a fix for this exploit.

Having tested the attack method and witnessed the amount of grief it can cause, we strongly urge you to apply these patches as soon as possible.

http://wordpress.org/news/2014/08/wordpress-3-9-2/

https://www.drupal.org/SA-CORE-2014-004

Best regards,
HalfDollarHosting Security team



Thursday, August 7, 2014
