Vigil@nce - Drupal Misery: denial of service via Delay
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious queries to a Drupal site with
Misery, in order to trigger a denial of service.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 14/11/2013
DESCRIPTION OF THE VULNERABILITY
The Misery module is used to make life difficult for some users.
However when the "delay misery" option is enabled, an attacker can
use several queries, to consume server resources.
An attacker can therefore send malicious queries to a Drupal site
with Misery, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Misery-denial-of-service-via-Delay-13778