Lucene search

[email protected]CVE-2015-4394

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4394

2015-06-1514:59:48

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-4394

services module

drupal

remote attackers

field_access restriction

sensitive information

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.

Affected configurations

NVD

Node

services_projectservicesMatch7.x-3.0drupal

services_projectservicesMatch7.x-3.1drupal

services_projectservicesMatch7.x-3.2drupal

services_projectservicesMatch7.x-3.3drupal

services_projectservicesMatch7.x-3.4drupal

services_projectservicesMatch7.x-3.5drupal

services_projectservicesMatch7.x-3.6drupal

services_projectservicesMatch7.x-3.7drupal

services_projectservicesMatch7.x-3.10drupal

services_projectservicesMatch7.x-3.11drupal

CPENameOperatorVersion
services_project:servicesservices project serviceseq7.x-3.0
services_project:servicesservices project serviceseq7.x-3.1
services_project:servicesservices project serviceseq7.x-3.2
services_project:servicesservices project serviceseq7.x-3.3
services_project:servicesservices project serviceseq7.x-3.4
services_project:servicesservices project serviceseq7.x-3.5
services_project:servicesservices project serviceseq7.x-3.6
services_project:servicesservices project serviceseq7.x-3.7
services_project:servicesservices project serviceseq7.x-3.10
services_project:servicesservices project serviceseq7.x-3.11

CPE	Name	Operator	Version
services_project:services	services project services	eq	7.x-3.0
services_project:services	services project services	eq	7.x-3.1
services_project:services	services project services	eq	7.x-3.2
services_project:services	services project services	eq	7.x-3.3
services_project:services	services project services	eq	7.x-3.4
services_project:services	services project services	eq	7.x-3.5
services_project:services	services project services	eq	7.x-3.6
services_project:services	services project services	eq	7.x-3.7
services_project:services	services project services	eq	7.x-3.10
services_project:services	services project services	eq	7.x-3.11

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74365

www.drupal.org/node/2471847

www.drupal.org/node/2471879

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for CVE-2015-4394

prion1 cvelist1 nvd1 drupal1