SB2014112008 - Fedora EPEL 6 update for drupal7
Published: November 20, 2014 Updated: April 24, 2025
Security Bulletin ID
SB2014112008
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Session hijacking (CVE-ID: CVE-2014-9015)
The vulnerability allow a remore user to hijack a valid user's session.The weakness exists due to specially crafted requests that gives a user access to another user's session and allows attacker to steal a random session.
Successful exploitation of this vulnerability may result in hijacking of the target user's session.
2) Denial of service (CVE-ID: CVE-2014-9016)
The vulnerability allows a remote user to cause denial of service on the target system.The weakness exists due to CPU and memory exhaustion. Specially crafted and sent by the attackers requests may lead to site unavailability.
Successful exploitation of this vulnerability may result in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.