CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 70.3%

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.

Vendor | Product | Version | CPE |
---|---|---|---|
drupal | drupal | * | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
marc_ingram | services | 5.x-0.9 | cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:* |
marc_ingram | services | 5.x-0.91 | cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:* |
marc_ingram | services | 5.x-1.x-dev | cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.9 | cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.11 | cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.12 | cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-1.x-dev | cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:* |