CVEs with nessus.description==The remote web server is running a version of Drupal that is 6.x prior to 6.33 or 7.x prior to 7.31. It is, therefore, potentially affected by multiple denial of service vulnerabilities:
- The XML-RPC library in Drupal allows entity declarations without considering recursion during entity expansion. A remote attacker, using a crafted XML document with a large number of nested entity references, can cause a denial of service by consuming available memory and CPU resources. (CVE-2014-5265)
- The XML-RPC library in Drupal does not limit the number of elements in an XML document. A remote attacker, via a large document, could cause a denial of service by CPU consumption. (CVE-2014-5266)
- An XML injection flaw exists in 'xmlrpc.php' due to the parser accepting XML internal entities from untrusted sources. A remote attacker, via specially crafted XML data, could exploit this to cause a denial of service.
This vulnerability also exists within the Drupal OpenID module.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |