Lucene search

[email protected]CVE-2015-5509

HistoryAug 18, 2015 - 6:00 p.m.

CVE-2015-5509

2015-08-1818:00:14

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5509

administration views

drupal

access control

bypass restrictions

security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors.

Affected configurations

NVD

Node

administration_views_projectadministration_viewsMatch7.x-1.0drupal

administration_views_projectadministration_viewsMatch7.x-1.0rc1drupal

administration_views_projectadministration_viewsMatch7.x-1.1drupal

administration_views_projectadministration_viewsMatch7.x-1.2drupal

administration_views_projectadministration_viewsMatch7.x-1.xdevdrupal

CPENameOperatorVersion
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.0
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.1
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.2
administration_views_project:administration_viewsadministration views project administration viewseq7.x-1.x

CPE	Name	Operator	Version
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.0
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.1
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.2
administration_views_project:administration_views	administration views project administration views	eq	7.x-1.x

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.securityfocus.com/bid/75278

www.drupal.org/node/2430043

www.drupal.org/node/2507645

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2015-5509

prion1 drupal1 nvd1 cvelist1