Lucene search

[email protected]NVD:CVE-2013-4595

HistoryJun 09, 2014 - 7:55 p.m.

CVE-2013-4595

2014-06-0919:55:09

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.8%

JSON

The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page.

Affected configurations

NVD

Node

gordon_heydonsecure_pagesMatch6.x-2.xdev--drupal

References

seclists.org/oss-sec/2013/q4/317

drupal.org/node/2128739

drupal.org/node/2129381

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for NVD:CVE-2013-4595

cvelist1 cve1 drupal1 prion1