Researchers map Drupal attack that bypasses poorly tuned Web Applic...

Advisories

Discover Firewalls News

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls

Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a website completely.
On October 15, 2014, Drupal urged users to apply an update that fixed an SQL Injection vulnerability. Unfortunately, unless the patch was applied within a seven hour window, Drupal warned administrators that they should just assume installations in the Drupal 7.x branch before version 7.32 were already compromised.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.