Lucene search

MitreCVE-2015-5513

HistoryAug 18, 2015 - 6:00 p.m.

CVE-2015-5513

2015-08-1818:00:19

CWE-79

mitre

web.nvd.nist.gov

cve-2015-5513

cross-site scripting

xss

vulnerability

shibboleth

authentication

drupal

administer blocks permission

remote authenticated users

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the “Administer blocks” permission to inject arbitrary web script or HTML via unspecified vectors related to a login link.

Affected configurations

Nvd

Node

niifshibboleth_authenticationMatch6.x-4.0drupal

niifshibboleth_authenticationMatch6.x-4.1drupal

niifshibboleth_authenticationMatch6.x-4.2rc1drupal

niifshibboleth_authenticationMatch7.x-4.0drupal

niifshibboleth_authenticationMatch7.x-4.1drupal

niifshibboleth_authenticationMatch7.x-4.2rc1drupal

VendorProductVersionCPE
niifshibboleth_authentication6.x-4.0cpe:2.3:a:niif:shibboleth_authentication:6.x-4.0:*:*:*:*:drupal:*:*
niifshibboleth_authentication6.x-4.1cpe:2.3:a:niif:shibboleth_authentication:6.x-4.1:*:*:*:*:drupal:*:*
niifshibboleth_authentication6.x-4.2rc1cpe:2.3:a:niif:shibboleth_authentication:6.x-4.2rc1:*:*:*:*:drupal:*:*
niifshibboleth_authentication7.x-4.0cpe:2.3:a:niif:shibboleth_authentication:7.x-4.0:*:*:*:*:drupal:*:*
niifshibboleth_authentication7.x-4.1cpe:2.3:a:niif:shibboleth_authentication:7.x-4.1:*:*:*:*:drupal:*:*
niifshibboleth_authentication7.x-4.2cpe:2.3:a:niif:shibboleth_authentication:7.x-4.2:rc1:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
niif	shibboleth_authentication	6.x-4.0	cpe:2.3:a:niif:shibboleth_authentication:6.x-4.0:::::drupal::
niif	shibboleth_authentication	6.x-4.1	cpe:2.3:a:niif:shibboleth_authentication:6.x-4.1:::::drupal::
niif	shibboleth_authentication	6.x-4.2rc1	cpe:2.3:a:niif:shibboleth_authentication:6.x-4.2rc1:::::drupal::
niif	shibboleth_authentication	7.x-4.0	cpe:2.3:a:niif:shibboleth_authentication:7.x-4.0:::::drupal::
niif	shibboleth_authentication	7.x-4.1	cpe:2.3:a:niif:shibboleth_authentication:7.x-4.1:::::drupal::
niif	shibboleth_authentication	7.x-4.2	cpe:2.3:a:niif:shibboleth_authentication:7.x-4.2:rc1::::drupal::*

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.drupal.org/node/2511278

www.drupal.org/node/2511280

www.drupal.org/node/2511518

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

41.9%

JSON

Related for CVE-2015-5513