1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls

Discussion in 'CSO' started by RSS, Mar 24, 2015.

  1. RSS

    RSS New Member Member

    Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a website completely.

    On October 15, 2014, Drupal urged users to apply an update that fixed an SQL Injection vulnerability.

    Unfortunately, unless the patch was applied within a seven hour window, Drupal warned administrators that they should just assume installations in the Drupal 7.x branch before version 7.32 were already compromised.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page