CVE-2013-4599 - Vulnerability Details - OpenCVE

The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00683.

Key SSVC decision points have not yet been added.

Vendors	Products
Misery Project Subscribe	Misery Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:misery_project:misery:6.x-2.0:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.1:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.2:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.3:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.4:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:7.x-2.0:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:7.x-2.1:-:-::-:drupal::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-4455	The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://seclists.org/oss-sec/2013/q4/317
http://www.securityfocus.com/bid/63705
https://drupal.org/node/2134409
https://drupal.org/node/2134413
https://drupal.org/node/2135273

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-06-09T19:00:00

Updated: 2024-08-06T16:52:26.921Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4599

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-06-09T19:55:09.600

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-4599

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2134413"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2135273"}, {"name": "63705", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63705"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/317"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4599", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2134413", "refsource": "CONFIRM", "url": "https://drupal.org/node/2134413"}, {"name": "https://drupal.org/node/2135273", "refsource": "MISC", "url": "https://drupal.org/node/2135273"}, {"name": "63705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63705"}, {"name": "https://drupal.org/node/2134409", "refsource": "CONFIRM", "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/317"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.921Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2134413"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2135273"}, {"name": "63705", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/63705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/317"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4599", "datePublished": "2014-06-09T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:52:26.921Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.0:-:-:*:-:drupal:*:*", "matchCriteriaId": "1060C5B7-025B-432C-BF6B-2B0C25A74D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.1:-:-:*:-:drupal:*:*", "matchCriteriaId": "F5939A66-16DB-406B-9AD9-A48E6DA959EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.2:-:-:*:-:drupal:*:*", "matchCriteriaId": "33DB7FE2-8788-4E0A-8F3F-931512BFED58", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.3:-:-:*:-:drupal:*:*", "matchCriteriaId": "4632A5C6-B375-40BE-8BE6-B36456D35F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.4:-:-:*:-:drupal:*:*", "matchCriteriaId": "A990C479-179D-428E-8B52-E080D0BDE514", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:7.x-2.0:-:-:*:-:drupal:*:*", "matchCriteriaId": "116313ED-5DFF-49F6-A533-A6D75F35CFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:7.x-2.1:-:-:*:-:drupal:*:*", "matchCriteriaId": "1A99CA68-2593-4E08-89C7-6177647EFE39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}, {"lang": "es", "value": "El m\u00f3dulo Misery 6.x-2.x anterior a 6.x-2.5 y 7.x-2.x anterior a 7.x-2.2 para Drupal, cuando la configuraci\u00f3n 'retrasar misery' est\u00e1 configurada a un valor alto, permite a atacanntes remotos causar una denegaci\u00f3n de servicio (consumo de proceso) a trav\u00e9s de solicitudes m\u00faltiples."}], "id": "CVE-2013-4599", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-09T19:55:09.600", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/317"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63705"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2134409"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2134413"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2135273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/63705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://drupal.org/node/2134409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://drupal.org/node/2134413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2135273"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}