Vulnerabilities > CVE-2014-9016
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
low complexity
drupal
secure-password-hashes-project
debian
nessus
exploit available
metasploit
Summary
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
Vulnerable Configurations
Exploit-Db
description | Drupal < 7.34 - Denial of Service. CVE-2014-9016. DoS exploit for PHP platform |
id | EDB-ID:35415 |
last seen | 2016-02-04 |
modified | 2014-12-01 |
published | 2014-12-01 |
reporter | Javer Nieto and Andres Rojas |
source | https://www.exploit-db.com/download/35415/ |
title | Drupal < 7.34 - Denial of Service |
Metasploit
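description | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing. Note: this entry describes the WordPress long-password issue, which the FreeBSD advisory text on this page calls "a similar issue to CVE-2014-9016"; it is not a Drupal-specific module, so Drupal exposure should be judged against the 7.34 fix rather than the WordPress versions listed here. |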
id | MSF:AUXILIARY/DOS/HTTP/WORDPRESS_LONG_PASSWORD_DOS |
last seen | 2020-06-05 |
modified | 2018-10-01 |
published | 2015-01-04 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/wordpress_long_password_dos.rb |
title | WordPress Long Password DoS |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-15528.NASL description Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-03 plugin id 79679 published 2014-12-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79679 title Fedora 20 : drupal7-7.34-1.fc20 (2014-15528) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-15528.
#
# Purpose: local (credentialed) package check for CVE-2014-9016 on Fedora 20.
# It compares the host's rpm list against the reference build
# drupal7-7.34-1.fc20 and reports when rpm_check() flags the package.
# Nothing in this script sends a request to Drupal itself, so a finding
# reflects the package inventory, not observed behaviour of the site.
# NOTE(review): only rpm-managed installs are visible here; a Drupal tree
# deployed outside rpm would presumably not be evaluated by this check.

include("compat.inc");

# Registration phase: when 'description' is set the script only declares its
# metadata and exits (see exit(0) at the end of this block) before any check.
if (description)
{
  script_id(79679);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  # Identifiers that tie this plugin to the advisory and the CVE.
  script_cve_id("CVE-2014-9016");
  script_bugtraq_id(71202);
  script_xref(name:"FEDORA", value:"2014-15528");

  script_name(english:"Fedora 20 : drupal7-7.34-1.fc20 (2014-15528)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1166254"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145126.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4df0e7e8"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected drupal7 package."
  );

  # CVSS v2 base: network-reachable, low complexity, no authentication,
  # availability impact only (C:N/I:N/A:P) - consistent with a DoS issue.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal: proof-of-concept exploit code, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" marks this as a check that works from data collected on the host.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # The KB keys required below are expected to be filled in by
  # ssh_get_info.nasl, which is declared as a dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() call below records why the check did not apply; audit() comes
# from audit.inc (not shown) and presumably ends the script - TODO confirm.

# Without local checks there is no package inventory to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must mention Fedora and carry a numeric release.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Anchored so that only release 20 matches: "20" must be followed by a
# non-digit or the end of the string (e.g. "200" is rejected).
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are evaluated; other architectures are
# reported as not implemented rather than as not affected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed drupal7 build is older than the reference - TODO confirm.
flag = 0;
if (rpm_check(release:"FC20", reference:"drupal7-7.34-1.fc20")) flag++;

if (flag)
{
  # Report on port 0; the rpm comparison text is attached only when the
  # scan's report verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No finding: distinguish "package tested and not affected" from
  # "drupal7 not installed" so the audit trail explains the negative result.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal7");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2014-15583.NASL description Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-07 plugin id 79775 published 2014-12-07 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79775 title Fedora 21 : drupal7-7.34-1.fc21 (2014-15583) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-15583.
#
# Purpose: local (credentialed) package check for CVE-2014-9016 on Fedora 21.
# It compares the host's rpm list against the reference build
# drupal7-7.34-1.fc21 and reports when rpm_check() flags the package.
# Nothing in this script sends a request to Drupal itself, so a finding
# reflects the package inventory, not observed behaviour of the site.
# NOTE(review): only rpm-managed installs are visible here; a Drupal tree
# deployed outside rpm would presumably not be evaluated by this check.

include("compat.inc");

# Registration phase: when 'description' is set the script only declares its
# metadata and exits (see exit(0) at the end of this block) before any check.
if (description)
{
  script_id(79775);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  # Identifiers that tie this plugin to the advisory and the CVE.
  script_cve_id("CVE-2014-9016");
  script_bugtraq_id(71202);
  script_xref(name:"FEDORA", value:"2014-15583");

  script_name(english:"Fedora 21 : drupal7-7.34-1.fc21 (2014-15583)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1166254"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145329.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fd75a5c2"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected drupal7 package."
  );

  # CVSS v2 base: network-reachable, low complexity, no authentication,
  # availability impact only (C:N/I:N/A:P) - consistent with a DoS issue.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal: proof-of-concept exploit code, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" marks this as a check that works from data collected on the host.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # The KB keys required below are expected to be filled in by
  # ssh_get_info.nasl, which is declared as a dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() call below records why the check did not apply; audit() comes
# from audit.inc (not shown) and presumably ends the script - TODO confirm.

# Without local checks there is no package inventory to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must mention Fedora and carry a numeric release.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Anchored so that only release 21 matches: "21" must be followed by a
# non-digit or the end of the string (e.g. "210" is rejected).
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are evaluated; other architectures are
# reported as not implemented rather than as not affected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed drupal7 build is older than the reference - TODO confirm.
flag = 0;
if (rpm_check(release:"FC21", reference:"drupal7-7.34-1.fc21")) flag++;

if (flag)
{
  # Report on port 0; the rpm comparison text is attached only when the
  # scan's report verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No finding: distinguish "package tested and not affected" from
  # "drupal7 not installed" so the audit trail explains the negative result.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal7");
}
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5E1351788AEB11E4801F0022156E8794.NASL description MITRE reports : wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. last seen 2020-06-01 modified 2020-06-02 plugin id 80350 published 2015-01-05 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/80350 title FreeBSD : wordpress -- multiple vulnerabilities (5e135178-8aeb-11e4-801f-0022156e8794) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-181.NASL description Updated drupal packages fix security vulnerabilities : An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983). Multiple security issues in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022). A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint. A SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704). Aaron Averill discovered that a specially crafted request can give a user access to another user last seen 2020-06-01 modified 2020-06-02 plugin id 82456 published 2015-03-31 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82456 title Mandriva Linux Security Advisory : drupal (MDVSA-2015:181) NASL family CGI abuses NASL id DRUPAL_7_34.NASL description The remote web server is running a version of Drupal that is 6.x prior to 6.34 or 7.x prior to 7.34. 
It is, therefore, potentially affected by the following vulnerabilities : - There exists an unspecified flaw that is triggered when handling a specially crafted request that may allow a remote attacker to perform a session hijacking attack. (CVE-2014-9015) - There exists a flaw in the password hashing API that is triggered when handling a specially crafted request. An attacker may use this to consume resources and cause a denial of service. This issue is only present in versions of Drupal prior to 7.34. (CVE-2014-9016) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 79386 published 2014-11-21 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79386 title Drupal 6.x < 6.34 / 7.x < 7.34 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2014-15522.NASL description Drupal 7.34, 2014-11-19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-03 plugin id 79677 published 2014-12-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79677 title Fedora 19 : drupal7-7.34-1.fc19 (2014-15522) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3075.NASL description Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. 
The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-9015 Aaron Averill discovered that a specially crafted request can give a user access to another user last seen 2020-03-17 modified 2014-11-21 plugin id 79362 published 2014-11-21 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79362 title Debian DSA-3075-1 : drupal7 - security update
Packetstorm
data source | https://packetstormsecurity.com/files/download/129341/drupal-dos.txt |
id | PACKETSTORM:129341 |
last seen | 2016-12-05 |
published | 2014-12-01 |
reporter | Javer Nieto |
source | https://packetstormsecurity.com/files/129341/Drupal-WordPress-Memory-Exhaustion.html |
title | Drupal / WordPress Memory Exhaustion |
References
- http://secunia.com/advisories/59164
- http://secunia.com/advisories/59814
- http://www.debian.org/security/2014/dsa-3075
- http://www.openwall.com/lists/oss-security/2014/11/20/21
- http://www.openwall.com/lists/oss-security/2014/11/20/3
- http://www.openwall.com/lists/oss-security/2014/11/21/1
- https://www.drupal.org/node/2378367
- https://www.drupal.org/node/2378375
- https://www.drupal.org/SA-CORE-2014-006