Lucene search

[email protected]NVD:CVE-2015-4375

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4375

2015-06-1514:59:32

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.

Affected configurations

Nvd

Node

chaos_tool_suite_projectctoolsMatch7.x-1.0drupal

chaos_tool_suite_projectctoolsMatch7.x-1.1drupal

chaos_tool_suite_projectctoolsMatch7.x-1.2drupal

chaos_tool_suite_projectctoolsMatch7.x-1.3drupal

chaos_tool_suite_projectctoolsMatch7.x-1.4drupal

chaos_tool_suite_projectctoolsMatch7.x-1.5drupal

chaos_tool_suite_projectctoolsMatch7.x-1.6drupal

chaos_tool_suite_projectctoolsMatch7.x-1.6rc1drupal

VendorProductVersionCPE
chaos_tool_suite_projectctools7.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.1cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.2cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.3cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.4cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.5cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.6cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools7.x-1.6cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
chaos_tool_suite_project	ctools	7.x-1.0	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.0:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.1	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.1:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.2	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.2:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.3	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.3:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.4	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.4:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.5	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.5:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.6	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:::::drupal::
chaos_tool_suite_project	ctools	7.x-1.6	cpe:2.3:a:chaos_tool_suite_project:ctools:7.x-1.6:rc1::::drupal::*

References

www.openwall.com/lists/oss-security/2015/03/22/35

www.openwall.com/lists/oss-security/2015/04/25/6

www.drupal.org/node/2454883

www.drupal.org/node/2454909

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

Related for NVD:CVE-2015-4375

cve1 prion1 cvelist1 drupal1