Description

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

Remediation

References

CVE-2014-9016

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2006-7243)

OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0742)

WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)

PHP Numeric Errors Vulnerability (CVE-2016-1904)

Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-20106)

Severity

Medium

Classification

CVE-2014-9016

Tags

Missing Update Known Vulnerabilities