2 matches found
CVE-2008-6910
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request...
CVE-2008-6910
CVE-2008-6910 affects Drupal modules (Services 5.x up to 5.x-0.91/0.92 and 6.x up to 6.x-0.13). The root cause is that signed requests do not implement timeouts, enabling a replay attack that can impersonate other users and escalate privileges. Exposed components: the Drupal Services module on af...