View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-9016 medium priority: Ubuntu including 2 source packages (drupal6, drupal7), 46 status rows across 23 suites (artful, bionic, cosmic, disco, focal, jammy, kinetic, lucid, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 33, not-affected 6, ignored 3, released 2, needed 1, needs-triage 1.
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.