Vulnerabilities > CVE-2013-4599 - Resource Management Errors vulnerability in Misery Project Misery

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

misery-project

CWE-399

NVD

Published: 2014-06-09

Updated: 2014-06-25

Summary

The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.

Vulnerable Configurations

Part	Description	Count
Application	Misery_Project Misery Project Misery 6.X-2.0 Misery Project Misery 6.X-2.1 Misery Project Misery 6.X-2.2 Misery Project Misery 6.X-2.3 Misery Project Misery 6.X-2.4 Misery Project Misery 7.X-2.0 Misery Project Misery 7.X-2.1	7

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://seclists.org/oss-sec/2013/q4/317
http://www.securityfocus.com/bid/63705
https://drupal.org/node/2134409
https://drupal.org/node/2134413
https://drupal.org/node/2135273