CVE-2013-4599 - OpenCVE

The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Misery Project	Misery

Configuration 1 [-]

OR	cpe:2.3:a:misery_project:misery:6.x-2.0:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.1:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.2:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.3:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:6.x-2.4:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:7.x-2.0:-:-::-:drupal::*
	cpe:2.3:a:misery_project:misery:7.x-2.1:-:-::-:drupal::*

No data.

References

Link	Providers
http://seclists.org/oss-sec/2013/q4/317
http://www.securityfocus.com/bid/63705
https://drupal.org/node/2134409
https://drupal.org/node/2134413
https://drupal.org/node/2135273

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-06-09T19:00:00

Updated: 2024-08-06T16:52:26.921Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4599

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-06-09T19:55:09.600

Modified: 2014-06-25T16:59:03.427

Link: CVE-2013-4599

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2134413"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2135273"}, {"name": "63705", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63705"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/317"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4599", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2134413", "refsource": "CONFIRM", "url": "https://drupal.org/node/2134413"}, {"name": "https://drupal.org/node/2135273", "refsource": "MISC", "url": "https://drupal.org/node/2135273"}, {"name": "63705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63705"}, {"name": "https://drupal.org/node/2134409", "refsource": "CONFIRM", "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/317"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.921Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2134413"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2135273"}, {"name": "63705", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/63705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2134409"}, {"name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/317"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4599", "datePublished": "2014-06-09T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:52:26.921Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.0:-:-:*:-:drupal:*:*", "matchCriteriaId": "1060C5B7-025B-432C-BF6B-2B0C25A74D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.1:-:-:*:-:drupal:*:*", "matchCriteriaId": "F5939A66-16DB-406B-9AD9-A48E6DA959EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.2:-:-:*:-:drupal:*:*", "matchCriteriaId": "33DB7FE2-8788-4E0A-8F3F-931512BFED58", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.3:-:-:*:-:drupal:*:*", "matchCriteriaId": "4632A5C6-B375-40BE-8BE6-B36456D35F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:6.x-2.4:-:-:*:-:drupal:*:*", "matchCriteriaId": "A990C479-179D-428E-8B52-E080D0BDE514", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:7.x-2.0:-:-:*:-:drupal:*:*", "matchCriteriaId": "116313ED-5DFF-49F6-A533-A6D75F35CFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:misery_project:misery:7.x-2.1:-:-:*:-:drupal:*:*", "matchCriteriaId": "1A99CA68-2593-4E08-89C7-6177647EFE39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the \"delay misery\" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests."}, {"lang": "es", "value": "El m\u00f3dulo Misery 6.x-2.x anterior a 6.x-2.5 y 7.x-2.x anterior a 7.x-2.2 para Drupal, cuando la configuraci\u00f3n 'retrasar misery' est\u00e1 configurada a un valor alto, permite a atacanntes remotos causar una denegaci\u00f3n de servicio (consumo de proceso) a trav\u00e9s de solicitudes m\u00faltiples."}], "id": "CVE-2013-4599", "lastModified": "2014-06-25T16:59:03.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-09T19:55:09.600", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/317"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63705"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2134409"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2134413"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2135273"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}