Lucene search
MitreCVE-2015-5490HistoryAug 18, 2015 - 5:59 p.m.
CVE-2015-5490
2015-08-1817:59:31
CWE-200
mitre
web.nvd.nist.gov
20
cve-2015-5490
drupal
views module
cache
access bypass
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.008
Percentile
81.7%
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
Affected configurations
Node
views_projectviewsMatch7.x-3.5drupal
ORviews_projectviewsMatch7.x-3.6drupal
ORviews_projectviewsMatch7.x-3.7drupal
ORviews_projectviewsMatch7.x-3.8drupal
ORviews_projectviewsMatch7.x-3.10drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| views_project | views | 7.x-3.5 | cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:* |
| views_project | views | 7.x-3.6 | cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:* |
| views_project | views | 7.x-3.7 | cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:* |
| views_project | views | 7.x-3.8 | cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:* |
| views_project | views | 7.x-3.10 | cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:* |
Related
prion
prion
Design/Logic Flaw
2015-08-18 17:59:00
cvelist
cvelist
CVE-2015-5490
2015-08-18 17:00:00
drupal
drupal
Views - Critical - Access Bypass - SA-CONTRIB-2015-103
2015-04-29 00:00:00
nvd
nvd
CVE-2015-5490
2015-08-18 17:59:31
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.008
Percentile
81.7%
Related for CVE-2015-5490