Design/Logic Flaw

2014-06-0919:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the “delay misery” configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.

CPENameOperatorVersion
miseryeq7.120.20
miseryeq6.120.24
miseryeq6.120.21
miseryeq7.120.21
miseryeq6.120.22
miseryeq6.120.20
miseryeq6.120.23

Name	Operator	Version
misery	eq	7.120.20
misery	eq	6.120.24
misery	eq	6.120.21
misery	eq	7.120.21
misery	eq	6.120.22
misery	eq	6.120.20
misery	eq	6.120.23

References

seclists.org/oss-sec/2013/q4/317

www.securityfocus.com/bid/63705

drupal.org/node/2134409

drupal.org/node/2134413

drupal.org/node/2135273