5 matches found
Cross site request forgery (csrf)
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes aka phpass module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service CPU and memory consumption via a crafted request...
UBUNTU-CVE-2014-9016
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes aka phpass module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service CPU and memory consumption via a crafted request...
CVE-2014-9016
CVE-2014-9016 affects Drupal 7.x prior to 7.34 and the Secure Password Hashes (phpass) module 6.x-2.x prior to 6.x-2.1. The issue is a denial-of-service condition caused by the password hashing API, where a crafted request can exhaust CPU and memory. Remediation is to update to Drupal 7.34+ and p...
Drupal 6.x < 6.34 / 7.x < 7.34 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.34 or 7.x prior to 7.34. It is, therefore, potentially affected by the following vulnerabilities : - There exists an unspecified flaw that is triggered when handling a specially crafted request that may allow a remote...
drupal: session hijacking and denial of service
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...