by Michael Mimoso November 20, 2014 , 10:03 am
Details on a patched denial of service vulnerability in the open source Drupal content management system have been disclosed.
The vulnerability, patched yesterday, could be abused to crash a website running on the CMS.
Researchers Michael Cullum, Javier Nieto and Andres Rojas Guerrero reported the bug to Drupal and urge site owners and Drupal admins to upgrade Drupal 6.x to Drupal core 6.34 or 7.x to Drupal core 7.34.
The vulnerability exposes user names in addition to threatening the availability of a Drupal site.
Full Article.
SC Magazine also covered this news. You can read that story here on their site: http://www.scmagazine.com/drupal-addresses-denial-of-service-session-hijacking-vulnerabilities/article/384546/
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.