Lucene search
PRIOn knowledge basePRION:CVE-2014-9016HistoryNov 24, 2014 - 3:59 p.m.
Cross site request forgery (csrf)
2014-11-2415:59:00
PRIOn knowledge base
www.prio-n.com
12
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 7.0 | |
| drupal | ge | 7.0 | |
| drupal | lt | 7.34 | |
| secure_passwords_hashes | eq | >= 6.x2.0 AND < 6.x2.1 |
References
secunia.com/advisories/59164
secunia.com/advisories/59814
www.debian.org/security/2014/dsa-3075
www.openwall.com/lists/oss-security/2014/11/20/21
www.openwall.com/lists/oss-security/2014/11/20/3
www.openwall.com/lists/oss-security/2014/11/21/1
www.drupal.org/node/2378367
www.drupal.org/node/2378375
www.drupal.org/SA-CORE-2014-006
Related
nessus
nessus
Fedora 21 : drupal7-7.34-1.fc21 (2014-15583)
2014-12-07 00:00:00
Fedora 20 : drupal7-7.34-1.fc20 (2014-15528)
2014-12-03 00:00:00
Fedora 19 : drupal7-7.34-1.fc19 (2014-15522)
2014-12-03 00:00:00
openvas
openvas
Fedora Update for drupal7 FEDORA-2014-15583
2015-01-05 00:00:00
Fedora Update for drupal7 FEDORA-2014-15522
2014-12-03 00:00:00
Fedora Update for drupal7 FEDORA-2014-15528
2014-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: drupal7-7.34-1.fc20
2014-12-03 01:03:28
[SECURITY] Fedora 19 Update: drupal7-7.34-1.fc19
2014-12-03 01:05:24
[SECURITY] Fedora 21 Update: drupal7-7.34-1.fc21
2014-12-06 10:05:06
nvd
nvd
CVE-2014-9016
2014-11-24 15:59:17
CVE-2014-9034
2014-11-25 23:59:05
cve
cve
CVE-2014-9016
2014-11-24 15:59:17
CVE-2014-9034
2014-11-25 23:59:05
ubuntucve
ubuntucve
CVE-2014-9016
2014-11-24 00:00:00
CVE-2014-9034
2014-11-25 00:00:00
cvelist
cvelist
CVE-2014-9016
2014-11-24 15:00:00
CVE-2014-9034
2014-11-25 23:00:00
debiancve
debiancve
CVE-2014-9016
2014-11-24 15:59:00
CVE-2014-9034
2014-11-25 23:59:05
debian
debian
[SECURITY] [DSA 3075-1] drupal7 security update
2014-11-20 16:36:03
[SECURITY] [DSA 3075-1] drupal7 security update
2014-11-20 16:36:03
packetstorm
packetstorm
Drupal / WordPress Memory Exhaustion
2014-12-01 00:00:00
osv
osv
drupal7 - security update
2014-11-20 00:00:00
mageia
mageia
Updated drupal packages fix security vulnerabilities
2014-11-26 20:29:06
securityvulns
securityvulns
[SECURITY] [DSA 3075-1] drupal7 security update
2014-12-01 00:00:00
[ MDVSA-2015:181 ] drupal
2015-05-12 00:00:00
archlinux
archlinux
drupal: session hijacking and denial of service
2014-11-20 00:00:00
drupal
drupal
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006
2014-11-19 00:00:00
prion
prion
Design/Logic Flaw
2014-11-25 23:59:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2014-11-25 00:00:00