CVE-2014-5266

Name of the Vulnerable Software and Affected Versions Incutio XML-RPC (IXR) Library as used in WordPress versions prior to 3.9.2 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 6.33 Incutio XML-RPC (IXR) Library as used in Drupal versions prior to 7.31

Description The issue allows remote attackers to cause a denial of service due to CPU consumption by sending a large XML document. This is achieved by exploiting the lack of limitation on the number of elements in an XML document.

Recommendations For WordPress versions prior to 3.9.2, update to version 3.9.2 or later. For Drupal 6.x versions prior to 6.33, update to version 6.33 or later. For Drupal 7.x versions prior to 7.31, update to version 7.31 or later.