drupal6
Page content
- Author: kikadf
- Vulnerable: 6.33-1arcturus1
- Unaffected: 6.34-1arcturus1
Aaron Averill discovered that a specially crafted request can give a user access to another user’s session, allowing an attacker to hijack a random session. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.