Vulnerability Details CVE-2013-4599
The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://seclists.org/oss-sec/2013/q4/317
- http://www.securityfocus.com/bid/63705
- https://drupal.org/node/2134409
- https://drupal.org/node/2134413
- https://drupal.org/node/2135273
- http://seclists.org/oss-sec/2013/q4/317
- http://www.securityfocus.com/bid/63705
- https://drupal.org/node/2134409
- https://drupal.org/node/2134413
- https://drupal.org/node/2135273
Products affected by CVE-2013-4599
-
cpe:2.3:a:misery_project:misery:6.x-2.0
-
cpe:2.3:a:misery_project:misery:6.x-2.1
-
cpe:2.3:a:misery_project:misery:6.x-2.2
-
cpe:2.3:a:misery_project:misery:6.x-2.3
-
cpe:2.3:a:misery_project:misery:6.x-2.4
-
cpe:2.3:a:misery_project:misery:7.x-2.0
-
cpe:2.3:a:misery_project:misery:7.x-2.1