Denial of service in Drupal - #VU561
Published: September 20, 2016
Vulnerability identifier: #VU561
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by improper page caching. An attacker who is able to post content on the site can poison the page cache and cause a constant 404 error on the page.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Update 4.6.x to 4.6.11.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.11.tar.gz
Update 4.7.x to 4.7.5.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.5.tar.gz