CVE-2014-5265

Name of the Vulnerable Software and Affected Versions Incutio XML-RPC (IXR) Library as used in WordPress versions prior to 3.9.2 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 6.33 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 7.31

Description The issue allows remote attackers to cause a denial of service, consuming memory and CPU, via a crafted XML document containing a large number of nested entity references. This is due to the library permitting entity declarations without considering recursion during entity expansion.

Recommendations For WordPress versions prior to 3.9.2, update to version 3.9.2 or later. For Drupal 6.x versions prior to 6.33, update to version 6.33 or later. For Drupal 7.x versions prior to 7.31, update to version 7.31 or later.