VULNERABILITIES / FIXES - February 21, 2013
by Carol~ - 2/21/13 7:17 AM
Drupal Image Derivatives Generation Denial of Service Vulnerability
Release Date : 2013-02-21
Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch
Software: Drupal 7.x
A vulnerability has been reported in Drupal, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error related to on-demand generation of image derivatives and can be exploited to exhaust resources.
The vulnerability is reported in versions prior to 7.20.
Update to version 7.20.
Provided and/or discovered by:
The vendor credits Ber Kessels, aBrookland, and Chad Fennell.