Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-6660HistoryAug 24, 2015 - 2:59 p.m.
CVE-2015-6660
2015-08-2414:59:00
Debian Security Bug Tracker
security-tracker.debian.org
6
0.003 Low
EPSS
Percentile
71.3%
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user’s account via vectors related to “file upload value callbacks.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | drupal7 | < 7.52-2+deb9u11 | drupal7_7.52-2+deb9u11_all.deb |
Related
ubuntucve
ubuntucve
CVE-2015-6660
2015-08-24 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-08-24 14:59:00
cve
cve
CVE-2015-6660
2015-08-24 14:59:17
cvelist
cvelist
CVE-2015-6660
2015-08-24 14:00:00
nvd
nvd
CVE-2015-6660
2015-08-24 14:59:17
openvas
openvas
Drupal 6.x < 6.37, 7.x < 7.39 Multiple Vulnerabilities (SA-CORE-2015-003) - Linux
2015-08-28 00:00:00
Drupal 6.x < 6.37, 7.x < 7.39 Multiple Vulnerabilities (SA-CORE-2015-003) - Windows
2015-08-28 00:00:00
Debian: Security Advisory (DSA-3346-1)
2015-08-30 00:00:00
nessus
nessus
Drupal 6.x < 6.37 Multiple Vulnerabilities
2016-04-08 00:00:00
Drupal 6.x < 6.37 Multiple Vulnerabilities
2015-08-26 00:00:00
Fedora 21 : drupal6-6.37-1.fc21 (2015-14442)
2015-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: drupal6-6.37-1.fc23
2015-09-06 01:49:44
[SECURITY] Fedora 21 Update: drupal7-7.39-1.fc21
2015-09-06 06:25:08
[SECURITY] Fedora 23 Update: drupal6-6.37-1.fc23
2015-09-06 17:19:14
osv
osv
drupal7 - security update
2015-08-31 00:00:00
debian
debian
[SECURITY] [DSA 3346-1] drupal7 security update
2015-08-31 10:36:43
mageia
mageia
Updated drupal packages fix security vulnerabilities
2015-08-27 23:49:46
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003
2015-08-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3346-1] drupal7 security update
2015-10-26 00:00:00