History: Jul 08, 2009 - 3:30 p.m.

CVE-2009-2374

2009-07-08 15:30:01
CWE-255
web.nvd.nist.gov
Tags: drupal, security, vulnerability, http referer, page caching

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 60.8%)

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

Affected configurations

NVD
Node
drupal drupal, Range 5.0 - 5.19
OR
drupal drupal, Range 6.0 - 6.13
