Description

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

Remediation

References

CVE-2014-9016

Related Vulnerabilities

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.6)

WordPress 4.3.x Arbitrary File Deletion Vulnerability (4.3 - 4.3.16)

WordPress Plugin TwitterCart Security Bypass (2.0)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4164)

Severity

Medium

Classification

CVE-2014-9016

Tags

Missing Update Known Vulnerabilities