Vulnerability Description
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 7.0 |
Related Weaknesses (CWE)
References
- http://drupal.org/drupal-7.14Patch
- http://drupal.org/node/1557938Vendor Advisory
- http://drupal.org/node/1558468Vendor Advisory
- http://drupalcode.org/project/drupal.git/commit/db79496ae983447506f016a20738c3d7
- http://secunia.com/advisories/49012
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://www.securityfocus.com/bid/53368
- http://drupal.org/drupal-7.14Patch
- http://drupal.org/node/1557938Vendor Advisory
- http://drupal.org/node/1558468Vendor Advisory
- http://drupalcode.org/project/drupal.git/commit/db79496ae983447506f016a20738c3d7
- http://secunia.com/advisories/49012
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://www.securityfocus.com/bid/53368
FAQ
What is CVE-2012-1588?
CVE-2012-1588 is a vulnerability with a CVSS score of 3.5 (LOW). Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain ro...
How severe is CVE-2012-1588?
CVE-2012-1588 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1588?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.