Lucene search
MitreCVE-2015-3373HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3373
2015-04-2116:59:31
CWE-200
mitre
web.nvd.nist.gov
35
cve-2015-3373
amazon aws
drupal
access token
remote attack
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.005
Percentile
75.7%
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.
Affected configurations
Node
amazon_aws_projectamazon_awsRange≤7.x-1.2drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon_aws_project | amazon_aws | * | cpe:2.3:a:amazon_aws_project:amazon_aws:*:*:*:*:*:drupal:*:* |
Related
nvd
nvd
CVE-2015-3373
2015-04-21 16:59:31
prion
prion
Code injection
2015-04-21 16:59:00
cvelist
cvelist
CVE-2015-3373
2015-04-21 16:00:00
drupal
drupal
SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
2015-01-28 00:00:00
kaspersky
kaspersky
KLA10563 Multiple vulnerabilities in Drupal modules
2015-04-21 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.005
Percentile
75.7%
Related for CVE-2015-3373