Lucene search

[email protected]CVE-2015-7875

HistoryAug 07, 2017 - 5:29 p.m.

CVE-2015-7875

2017-08-0717:29:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-7875

drupal

ctools

content type

permission

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the “edit” permission for the “content type” plugins that are used on Panels and similar systems to place content and functionality on a page.

CPENameOperatorVersion
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.0
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.0
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.1
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.1
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.7
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.6
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.6
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq7.x-1.x
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.4
chaos_tool_suite_project:ctoolschaos tool suite project ctoolseq6.x-1.9

CPE	Name	Operator	Version
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.0
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.0
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.1
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.1
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.7
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.6
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.6
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	7.x-1.x
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.4
chaos_tool_suite_project:ctools	chaos tool suite project ctools	eq	6.x-1.9

Rows per page:

1-10 of 231

References

www.openwall.com/lists/oss-security/2015/10/21/2

www.securityfocus.com/bid/76441

www.drupal.org/node/2554145

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for CVE-2015-7875

prion1 cvelist1 drupal1 ibm2