XML-RPC for PHP vulnerability attack attempts



Incidents.org is reporting on attacks against a recent XML-RPC vulnerability in PHP. This would affect users of PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. As far as I know there are fixes for each of these in the most recent versions of the software.



It basically acts as a network worm and AV vendors have added detection for it at this point. If you run any of the above (or any other php-based cms) look to ensure you have the most recent release running or have taken other measures to mitigate the risk.

   Send article as PDF   

Similar Posts