Drupal Password Hashing Denial Of Service Vulnerability Network Vulnerability

Summary

A vulnerability in the password hashing API of Drupal 7 can lead to a DoS.

Impact

An unauthenticated attacker can cause a denial of service. Impact Level: Application

Solution

Upgrade to Drupal 7.34 or later

Insight

Drupal 7 includes a password hashing API to ensure that user supplied passwords are not stored in plain text. An attacker can send specially crafted requests resulting in CPU and memory exhaustion.

Affected

Drupal 7

Detection

Check the version of Drupal.

References

http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html
https://www.drupal.org/SA-CORE-2014-006

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9016
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities

Drupal Password Hashing Denial of Service Vulnerability

Take action and discover your vulnerabilities