How Safe is Your Drupal or WordPress Website?

On August 6th, a major DoS attack vector affecting WordPress and Drupal sites was announced. A security researcher from Salesforce.com's product security team discovered an XML vulnerability affecting both open-source platforms. The attack takes advantage of implementations of the XML parser to cause an intense spike in memory and CPU usage. When exploited, it could make an entire website or server unusable.

This XML vulnerability affects WordPress versions 3.5 to 3.9 (the current version) and works on the default installation. It affects Drupal versions 6.x to 7.x (the latest standard version) and also works on the default installation.

Chris Johnson, Director of Development for CommonPlaces, Inc., has looked into this security concern, and he believes that it should have no impact on our clients.

'In order for this vector to be used, the tainted XML file must first be placed on the server in order to have the XML parsers actually process it. CommonPlaces' security policy does not allow for the random installation of XML files. Because of this stance it is not possible for an outside attacker to force an XML file to be parsed.'

He added, 'As of now, our security analysis shows that this attack vector should not affect any users hosted by CommonPlaces. In addition, our ongoing maintenance programs track and apply security fixes in a responsive manner.'

WordPress and Drupal have released patches for their applications, so users and web hosts who aren't protected by the same security measures that CommonPlaces employs simply need to upgrade to the latest version to protect against the vulnerability.

