CVE-2014-9016

Published: 24/11/2014 Updated: 20/04/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The password hashing API in Drupal 7.x prior to 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x prior to 6.x-2.1 for Drupal allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted request.

Vulnerable Product

drupal drupal

secure password hashes project secure passwords hashes

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #770469 drupal7: CVE-2014-9015 CVE-2014-9016 (SA-CORE-2014-006) Package: src:drupal7; Maintainer for src:drupal7 is Gunnar Wolf <gwolf@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 21 Nov 2014 14:51:05 UTC Severity: serious Tags: fixed-upstream, security, upstr ...
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-9015 Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random ...

Exploits

DESCRIPTION: A vulnerability present in Drupal < 7.34 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsiv ...
A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) ...

Github Repositories

Python scripts to exploit CVE-2014-9016 and CVE-2014-9034

wp_drupal_timing_attack: Python scripts to exploit CVE-2014-9016 and CVE-2014-9034. For legal purposes only.

Exhaust WordPress <V5.0.1 resources using long passwords (CVE-2014-9016)

WordPress Denial of Service (CVE-2014-9016). Disclaimer: The contents of this script are intended to be used only in an ethical manner. Do not use this script if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Primus27 does not take any responsibili