Lucene search

[email protected]CVE-2015-4344

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4344

2015-06-1514:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-4344

services basic authentication

drupal

remote attackers

resource restrictions

page caching

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.

Affected configurations

NVD

Node

services_basic_authentication_projectservices_basic_authenticationRange≤7.x-1.3drupal

CPENameOperatorVersion
services_basic_authentication_project:services_basic_authenticationservices basic authentication project services basic authenticationle7.x-1.3

CPE	Name	Operator	Version
services_basic_authentication_project:services_basic_authentication	services basic authentication project services basic authentication	le	7.x-1.3

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72677

www.drupal.org/node/2428851

www.drupal.org/node/2444861

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2015-4344

prion1 cvelist1 drupal1 nvd1