Drupal Page Caching Denial of Service Vulnerability

Bugtraq ID:	21895
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 05 2007 12:00AM
Updated:	Jan 08 2007 05:06PM
Credit:	This issue was disclosed by the vendor.
Vulnerable:	OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Drupal Drupal 4.7.4 Drupal Drupal 4.7.4 Drupal Drupal 4.7.3 Drupal Drupal 4.7.3 Drupal Drupal 4.7.2 Drupal Drupal 4.7.1 Drupal Drupal 4.7 Drupal Drupal 4.6.10 Drupal Drupal 4.6.9 Drupal Drupal 4.6.8 Drupal Drupal 4.6.7 Drupal Drupal 4.6.6 Drupal Drupal 4.6.5 Drupal Drupal 4.6.4 Drupal Drupal 4.6.3 Drupal Drupal 4.6.2 Drupal Drupal 4.6.1 Drupal Drupal 4.6 Drupal Drupal 4.7 revision 1.15 Drupal Drupal 4.7 Drupal Drupal 4.6
Not Vulnerable:	Drupal Drupal 4.7.5 Drupal Drupal 4.6.11

Drupal Page Caching Denial of Service Vulnerability

Drupal is prone to a denial-of-service vulnerability due to a design error.

This issue affects only applications running with page cache enabled.

An attacker may exploit this issue to poison the page cache and return page-not-found errors for available pages.

Drupal 4.6 and 4.7 series are affected by this issue.

Drupal Page Caching Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Drupal Page Caching Denial of Service Vulnerability

Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.

Drupal Page Caching Denial of Service Vulnerability

References:

• Vendor Homepage (Drupal)