Summary
A vulnerability in the password hashing API of Drupal 7 can lead to a DoS.
Impact
An unauthenticated attacker can cause a denial of service.
Impact Level: Application
Solution
Upgrade to Drupal 7.34 or later.
Insight
Drupal 7 includes a password hashing API to ensure that user-supplied passwords are not stored in plain text. An attacker can send specially crafted requests that result in CPU and memory exhaustion.
Affected
Drupal 7
Detection
Check the version of Drupal.
Severity
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Classification
CVE: CVE-2014-9016