Lucene search

[email protected]NVD:CVE-2015-4379

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4379

2015-06-1514:59:36

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.

Affected configurations

Nvd

Node

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.0drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.1drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch6.x-1.2drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch7.x-1.2drupal

webform_multiple_file_upload_projectwebform_multiple_file_uploadMatch7.x-1.xdevdrupal

VendorProductVersionCPE
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.0cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.0:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.1cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.1:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload6.x-1.2cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.2:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload7.x-1.2cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.2:*:*:*:*:drupal:*:*
webform_multiple_file_upload_projectwebform_multiple_file_upload7.x-1.xcpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.x:dev:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.0	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.0:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.1	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.1:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	6.x-1.2	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:6.x-1.2:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	7.x-1.2	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.2:::::drupal::
webform_multiple_file_upload_project	webform_multiple_file_upload	7.x-1.x	cpe:2.3:a:webform_multiple_file_upload_project:webform_multiple_file_upload:7.x-1.x:dev::::drupal::*

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/74343

www.drupal.org/node/2459031

www.drupal.org/node/2459035

www.drupal.org/node/2459323

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Related for NVD:CVE-2015-4379

cvelist1 drupal1 cve1 prion1