CVE Vulnerabilities

CVE-2014-9016

Published: Nov 24, 2014 | Modified: Apr 20, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 7.0 (including) 7.34 (excluding)
Secure_passwords_hashes Secure_password_hashes_project 6.x-2.0 (including) 6.x-2.1 (excluding)
Drupal6 Ubuntu lucid *
Drupal6 Ubuntu precise *
Drupal7 Ubuntu esm-infra-legacy/trusty *
Drupal7 Ubuntu precise *
Drupal7 Ubuntu trusty *
Drupal7 Ubuntu trusty/esm *
Drupal7 Ubuntu upstream *
Drupal7 Ubuntu utopic *

References