Lucene search

[email protected]CVE-2013-1946

HistoryApr 06, 2014 - 4:55 p.m.

CVE-2013-1946

2014-04-0616:55:06

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-1946

drupal

restws module

denial of service

page caching

http accept header

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can “interfere with Drupal’s page cache.”

Affected configurations

NVD

Node

restful_web_services_projectrestful_web_servicesMatch7.x-1.1

restful_web_services_projectrestful_web_servicesMatch7.x-1.2

restful_web_services_projectrestful_web_servicesMatch7.x-2.0alpha3

restful_web_services_projectrestful_web_servicesMatch7.x-2.0alpha4

AND

drupaldrupalMatch-

CPENameOperatorVersion
restful_web_services_project:restful_web_servicesrestful web services project restful web serviceseq7.x-1.1
restful_web_services_project:restful_web_servicesrestful web services project restful web serviceseq7.x-1.2
restful_web_services_project:restful_web_servicesrestful web services project restful web serviceseq7.x-2.0

CPE	Name	Operator	Version
restful_web_services_project:restful_web_services	restful web services project restful web services	eq	7.x-1.1
restful_web_services_project:restful_web_services	restful web services project restful web services	eq	7.x-1.2
restful_web_services_project:restful_web_services	restful web services project restful web services	eq	7.x-2.0

References

www.openwall.com/lists/oss-security/2013/04/12/1

www.osvdb.org/92259

drupal.org/node/1966752

drupal.org/node/1966758

drupal.org/node/1966780

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2013-1946

cvelist1 drupal1 prion1 nvd1