Vulnerability Details : CVE-2013-4599
The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.
Vulnerability category: Denial of service
Products affected by CVE-2013-4599
- cpe:2.3:a:misery_project:misery:7.x-2.1:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:6.x-2.1:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:6.x-2.3:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:7.x-2.0:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:6.x-2.0:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:6.x-2.2:-:-:*:-:drupal:*:*
- cpe:2.3:a:misery_project:misery:6.x-2.4:-:-:*:-:drupal:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4599
- EPSS score: 1.28% (probability of exploitation activity in the next 30 days)
- Percentile: ~84% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-4599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-4599
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4599
- https://drupal.org/node/2134413 (misery 7.x-2.2 | Drupal.org) [Patch]
- http://seclists.org/oss-sec/2013/q4/317 (oss-sec: Re: CVE request for Drupal contributed modules)
- https://drupal.org/node/2134409 [Patch]
- https://drupal.org/node/2135273 (SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability. | Drupal.org) [Vendor Advisory]
- http://www.securityfocus.com/bid/63705 (Drupal Misery Module Denial Of Service Vulnerability)