What is CVE-2014-5266?

CVE-2014-5266 is a vulnerability in Drupal, classified under CWE-399. Published 2014-08-18.

Is CVE-2014-5266 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Drupal

CVE-2014-5266

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU…

EPSS: 0.763 (99.0th percentile) — read the EPSS interpretation.

Affected products

Drupal — versions 6.0, 6.1, 6.2
Wordpress — versions 3.0, 3.0.1, 3.0.2
Debian Debian_linux — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

DSA-3001 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
DSA-2999 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-5266?: CVE-2014-5266 is a vulnerability in Drupal, classified under CWE-399. Published 2014-08-18.
Is CVE-2014-5266 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.