Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Drupal (Web applications / CMS) |
Vendor | Drupal |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU561
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by improper handling of page caching. An attacker who is able to post content on the site can poison the page cache and cause the page to return a constant 404 error.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update 4.6.x to 4.6.11.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.11.tar.gz
Update 4.7.x to 4.7.5.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.5.tar.gz
Drupal: 4.6.0 - 4.7.4
External links
http://www.drupal.org/node/104238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.