3 matches found
CVE-2013-0205
Cross-site request forgery CSRF vulnerability in the RESTful Web Services restws module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors...
CVE-2013-0205
The Drupal RESTful Web Services (RESTWS) module (7.x-1.x, 7.x-2.x branches) contains a CSRF vulnerability that allows remote attackers to hijack the authentication of arbitrary users. Affected versions are RESTWS 7.x-1.x prior to 7.x-1.2 and RESTWS 7.x-2.x prior to 7.x-2.0-alpha4. The issue stems...
SA-CONTRIB-2013-003 - RESTful Web Services - Cross site request forgery (CSRF)
This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The module doesn't sufficiently verify POST requests thereby exposing a Cross Site Request Forgery vulnerability. This vulnerability is...