Denial of service in Drupal - CVE-2014-5019
Published: September 14, 2016
Vulnerability identifier: #VU447
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-5019
CWE-ID: CWE-113
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to cause denial of service.
The weakness exists due to unsufficient checking of HTTP headers. Attackers can send specially crafted HTTP header that may make the site unavailable and cause the target service deny.
Successful exploitation of this vulnerability may lead to denial of service on the target system.
The weakness exists due to unsufficient checking of HTTP headers. Attackers can send specially crafted HTTP header that may make the site unavailable and cause the target service deny.
Successful exploitation of this vulnerability may lead to denial of service on the target system.
How to mitigate CVE-2014-5019
Update 6.x to 6.32.
https://www.drupal.org/drupal-6.32-release-notes
Update 7.x to 7.29.
https://www.drupal.org/drupal-7.29-release-notes
https://www.drupal.org/drupal-6.32-release-notes
Update 7.x to 7.29.
https://www.drupal.org/drupal-7.29-release-notes