Lucene search
HistoryJun 09, 2014 - 7:55 p.m.
CVE-2013-4595
cve-2013-4595
secure pages module
drupal
https
http
remote attackers
sensitive information
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.9%
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page.
Affected configurations
Node
gordon_heydonsecure_pagesMatch6.x-2.xdev--drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| gordon_heydon:secure_pages | gordon heydon secure pages | eq | 6.x-2.x |
Related
cvelist
cvelist
CVE-2013-4595
2014-06-09 19:00:00
nvd
nvd
CVE-2013-4595
2014-06-09 19:55:09
drupal
drupal
SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data
2013-11-06 00:00:00
prion
prion
Code injection
2014-06-09 19:55:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.9%
Related for CVE-2013-4595