Lucene search

[email protected]CVE-2015-4352

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4352

2015-06-1514:59:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-4352

csrf

drupal

spider video player

vulnerability

remote attackers

authentication hijacking

video deletion

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.

Affected configurations

NVD

Node

web-doradoweb-dorado_spider_video_playerMatch-drupal

CPENameOperatorVersion
web-dorado:web-dorado_spider_video_playerweb-dorado web-dorado spider video playereq-

CPE	Name	Operator	Version
web-dorado:web-dorado_spider_video_player	web-dorado web-dorado spider video player	eq	-

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72817

www.drupal.org/node/2437981

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2015-4352

prion1 nvd1 cvelist1 drupal1