CVE-2024-11941：Drupal Core DoS漏洞 (≤10.1.7)

Drupal Core 评论模块中的 CVE-2024-11941 漏洞允许攻击者通过创建耗尽服务器资源的精心设计的评论回复请求来触发拒绝服务 (DoS) 攻击。此漏洞通过发送大量精心设计的评论回复请求来利用，从而使服务器过载并阻止其响应合法请求。主要影响是网站不可用，可能导致收入损失、声誉受损和不良的用户体验。重要的是要注意，此问题仅影响使用评论模块的网站。该漏洞的严重程度在 CVSS 规模上评为 7.5，表明中等至高风险。

Websites running Drupal Core versions 10.1.7 and earlier that utilize the Comment module are at risk. This includes organizations relying on Drupal for content management, e-commerce platforms, and community forums. Sites with limited resources or those that are not regularly updated are particularly vulnerable.

• drupal: Check Drupal core version using drush --version. If the version is less than 10.1.8, the site is vulnerable. • generic web: Monitor web server logs for unusual patterns of comment reply requests, particularly those originating from a single IP address or user account. Look for a high volume of requests within a short timeframe. • generic web: Use a WAF to implement rate limiting on comment reply requests, restricting the number of requests allowed per user or IP address within a given time period.

# Example WAF rule (syntax varies by vendor)
if (http.request.method == "POST" && http.request.path =~ "/comment/") {
  rate_limit(10, 60); # Allow 10 requests per minute
}

1. 2024-12-05Disclosure

   disclosure

1. 已保留2024-11-27
2. 发布日期2024-12-05
3. 修改日期2025-12-10
4. EPSS 更新日期2026-04-02

CVE-2024-11941 的建议缓解措施是将 Drupal Core 更新到版本 10.1.8 或更高版本。此更新包含阻止漏洞被利用的补丁。如果无法立即更新，请考虑实施临时缓解措施，例如限制评论回复请求的速率或部署 Web 应用程序防火墙 (WAF) 以过滤恶意流量。在生产环境中应用更改之前，在开发环境中进行彻底的测试至关重要。还建议定期监控服务器日志中与评论请求相关的可疑活动。