Verizon WAF Offers Protection against Drupal SQL Injection Bug (CVE-2014-3704)

“Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.”[1] Drupal allows users to organize, manage and publish their Web content.

A recent “Public Service Announcement” from the Drupal Security Team documented a vulnerability in the Drupal 7 database abstraction API that lets attackers send specially crafted HTTP requests that result in arbitrary SQL execution (CVE-2014-3704). Such requests can lead to arbitrary PHP execution, privilege escalation, and other types of attacks.

Users of Drupal 7 are urged to update to version 7.32 (or higher) to fix the vulnerability. However, the update may not protect machines that have already been compromised.

Verizon Digital Media Services Web Application Firewall (WAF) can offer protection from attacks targeted at the Drupal vulnerability. Our WAF offers a comprehensive set of rules to protect Drupal websites against publicly known vulnerabilities, including this critical SQL injection bug.

Our WAF also offers protection against many kinds of generic application layer attacks and attacks aimed at exploiting publicly known vulnerabilities in various applications and platforms.

To learn more about our WAF, contact Verizon Sales:

Toll Free (USA): +1-877-EDGE-CDN

By Phone: +1-310-396-7400

Email: vdmssales@verizon.com