Lucene search
MitreCVE-2015-4362HistoryJun 15, 2015 - 2:59 p.m.
CVE-2015-4362
2015-06-1514:59:16
CWE-352
mitre
web.nvd.nist.gov
25
csrf
vulnerability
tracking code
drupal
hijack authentication
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.003
Percentile
71.0%
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.
Affected configurations
Node
tracking_code_projecttracking_codeMatch7.x-1.xdevdrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tracking_code_project | tracking_code | 7.x-1.x | cpe:2.3:a:tracking_code_project:tracking_code:7.x-1.x:dev:*:*:*:drupal:*:* |
Related
cvelist
cvelist
CVE-2015-4362
2015-06-15 14:00:00
drupal
drupal
SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery (CSRF)
2015-03-04 00:00:00
nvd
nvd
CVE-2015-4362
2015-06-15 14:59:16
prion
prion
Cross site request forgery (csrf)
2015-06-15 14:59:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.003
Percentile
71.0%
Related for CVE-2015-4362