Summary
A vulnerability in the password hashing API of Drupal 7 can lead to a DoS.
Impact
An unauthenticated attacker can cause a denial of service.
Impact Level: Application
Solution
Upgrade to Drupal 7.34 or later.
Insight
Drupal 7 includes a password hashing API to ensure that user-supplied passwords are not stored in plain text. An attacker can send specially crafted requests that result in CPU and memory exhaustion.
Affected
Drupal 7
Detection
Check the version of Drupal.
Classification
- CVE: CVE-2014-9016
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P