Vigil@nce - Drupal FileField: denial of service
April 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use Drupal FileField, in order to trigger a denial
of service.
Impacted products: Drupal Modules not comprehensive.
Severity: 2/4.
Creation date: 25/02/2016.
DESCRIPTION OF THE VULNERABILITY
The FileField module can be installed on Drupal.
However, an attacker can remove files of another user.
An attacker can therefore use Drupal FileField, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Drupal-FileField-denial-of-service-19031