Lucene search

MitreCVE-2015-4379

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4379

2015-06-1514:59:36

CWE-352

mitre

web.nvd.nist.gov

cve-2015-4379

cross-site request forgery

csrf

webform multiple file upload

drupal

remote attackers

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.

Affected configurations

Nvd

Node

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.0drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.1drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.2drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch7.x-1.2drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch7.x-1.xdevdrupal

VendorProductVersionCPE
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.0cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.0:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.1cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.1:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.2cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.2:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload7.x-1.2cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.2:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload7.x-1.xcpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.x:dev:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.0	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.0:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.1	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.1:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.2	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.2:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	7.x-1.2	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.2:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	7.x-1.x	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.x:dev::::drupal::*

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74343

www.drupal.org/node/2459031

www.drupal.org/node/2459035

www.drupal.org/node/2459323

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Related for CVE-2015-4379