drupal7
Page content
- Author: kikadf
- Vulnerable: 7.22-2arcturus5
- Unaffected: 7.22-2arcturus6
Aaron Averill discovered that a specially crafted request can give a user access to another user’s session, allowing an attacker to hijack a random session. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.