CVE-2012-5556

Multiple cross-site request forgery CSRF vulnerabilities in the RESTful Web Services RESTWS module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...

CVE-2012-5556

The CVE-2012-5556 issue affects the Drupal RESTful Web Services (RESTWS) module for Drupal 7.x, specifically RESTWS 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3. Root cause: POST requests were not sufficiently verified, enabling CSRF. Impact: remote attackers could hijack the authenti...

CVE-2012-5556

Multiple cross-site request forgery CSRF vulnerabilities in the RESTful Web Services RESTWS module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...

SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The module doesn't sufficiently verify POST requests thereby exposing a Cross Site Request Forgery vulnerability. This vulnerability is...