Vulnerability CVE-2007-0124
Published: 2007-01-08   Modified: 2012-02-12

Description:
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Drupal 4.6.11 / 4.7.5 fixes DoS issue
Uwe Hermann (uwe...
09.01.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Drupal -> Drupal 

 References:
http://drupal.org/node/104238
http://securityreason.com/securityalert/2115
http://www.securityfocus.com/archive/1/456056/100/0/threaded
http://www.securityfocus.com/bid/21895
http://www.vupen.com/english/advisories/2007/0051
Copyright 2024, cxsecurity.com

 

Back to Top