CVE-2014-9016

Currently unrated 🤨

Key Information

Vendor: Drupal
Status: Drupal; Secure Passwords Hashes
Vendor: CVE Published:; 24 November 2014

Badges

👾 Exploit Exists🔴 Public PoC

Summary

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

wp_drupal_timing_attack
Created by c0r3dump3d

WordPress-Long-Password-Denial-of-Service
Created by Primus27

Refferences

https://www.drupal.org/node/2378375

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/11/20/3

mailing-listx_refsource_MLIST

https://www.drupal.org/SA-CORE-2014-006

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/11/20/21

mailing-listx_refsource_MLIST

http://secunia.com/advisories/59164

third-party-advisoryx_refsource_SECUNIA

https://www.drupal.org/node/2378367

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2014/11/21/1

mailing-listx_refsource_MLIST

http://secunia.com/advisories/59814

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3075

vendor-advisoryx_refsource_DEBIAN

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

🔴
Public PoC available
Feb 8, 2020
👾
Exploit known to exist
Feb 8, 2020
Vulnerability published
Nov 24, 2014
Vulnerability Reserved
Nov 20, 2014

Collectors

NVD DatabaseMitre Database2 Proof of Concept(s)

.