Lucene search
HistoryApr 21, 2015 - 4:59 p.m.
CVE-2015-3373
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
75.7%
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.
Affected configurations
Node
amazon_aws_projectamazon_awsRange≤7.x-1.2drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon_aws_project | amazon_aws | * | cpe:2.3:a:amazon_aws_project:amazon_aws:*:*:*:*:*:drupal:*:* |
Related
prion
prion
Code injection
2015-04-21 16:59:00
cvelist
cvelist
CVE-2015-3373
2015-04-21 16:00:00
drupal
drupal
SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
2015-01-28 00:00:00
cve
cve
CVE-2015-3373
2015-04-21 16:59:31
kaspersky
kaspersky
KLA10563 Multiple vulnerabilities in Drupal modules
2015-04-21 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
75.7%
Related for NVD:CVE-2015-3373