
Drupal 7.x < 7.34 DoS

Medium

Synopsis

The remote server is hosting an outdated installation of Drupal that is vulnerable to a denial of service (DoS) attack.

Description

The version of Drupal installed on the remote server is 7.x prior to 7.34 and is affected by a flaw in the password hashing API. The flaw is triggered when handling a specially crafted request, which can consume CPU and memory resources. This may allow a remote attacker to cause a denial of service.

Solution

Upgrade to Drupal 7.34 or later.