
Drupal 7.x < 7.20 DoS

Medium

Synopsis

The remote server is hosting an outdated installation of Drupal that is vulnerable to a denial of service (DoS) attack.

Description

The version of Drupal installed on the remote server is 7.x prior to 7.20, and is affected by a flaw that may allow a remote denial of service. The issue is triggered during the handling of on-demand generation of image derivatives. This may allow a remote attacker to exhaust server disk space and cause the website to become unresponsive.

Solution

Upgrade to Drupal 7.20 or later.