Lucene search

[email protected]CVE-2015-2559

HistoryMar 25, 2015 - 2:59 p.m.

CVE-2015-2559

2015-03-2514:59:00

CWE-284

[email protected]

web.nvd.nist.gov

drupal

cve-2015-2559

password reset

security vulnerability

6.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq7.0
drupal:drupaldrupallt6.35
drupal:drupaldrupallt7.35

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	7.0
drupal:drupal	drupal	lt	6.35
drupal:drupal	drupal	lt	7.35

References

www.debian.org/security/2015/dsa-3200

www.securityfocus.com/bid/73219

www.drupal.org/SA-CORE-2015-001

6.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for CVE-2015-2559

prion1 securityvulns3 openvas6 debian1 archlinux1 ubuntucve1 debiancve1 nessus5 drupal1 mageia1 ubuntu1 osv1