Bug 863248 (CVE-2012-1588) - CVE-2012-1588 Drupal 7: text filtering Denial of Service
Summary: CVE-2012-1588 Drupal 7: text filtering Denial of Service
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2012-1588
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 863256 956481 956483
Blocks: 863255
 
Reported: 2012-10-04 19:55 UTC by Kurt Seifried
Modified: 2019-09-29 12:55 UTC

Fixed In Version: drupal7-7.13
Clone Of:
Environment:
Last Closed: 2013-04-25 15:12:21 UTC
Embargoed:



Description Kurt Seifried 2012-10-04 19:55:31 UTC
Drupal reports that Drupal 7.12 contains the following vulnerability:

Denial of Service

CVE: CVE-2012-1588

Drupal core's text filtering system provides several features including 
removing inappropriate HTML tags and automatically linking content that 
appears to be a link. A pattern in Drupal's text matching was found to be 
inefficient with certain specially crafted strings. This vulnerability is 
mitigated by the fact that users must have the ability to post content sent 
to the filter system such as a role with the "post comments" or "Forum topic: 
Create new content" permission.

External reference:
http://drupal.org/node/1557938

Comment 2 Kurt Seifried 2013-04-25 05:19:52 UTC
Created drupal7 tracking bugs for this issue

Affects: fedora-all [bug 956481]

Comment 3 Kurt Seifried 2013-04-25 05:22:15 UTC
Created drupal7 tracking bugs for this issue

Affects: epel-all [bug 956483]

