Drupal 7.x < 7.20 On-Demand Image Derivative Generation Handling Resource Exhaustion DoS
Medium Nessus Plugin ID 64990
Synopsis: The remote web server is running a PHP application that is affected by a denial of service vulnerability.
Description: The remote web server is running a version of Drupal that is 7.x prior to 7.20. It is, therefore, affected by a flaw during the handling of on-demand generation of image derivatives. A remote attacker, using a large number of derivative requests, could exploit this to cause a denial of service by filling up server disk space and causing a very high CPU load.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Upgrade to version 7.20 or later.