3 matches found
CVE-2013-4595
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
CVE-2013-4595
The CVE-2013-4595 entry concerns the Drupal Secure Pages module (6.x-2.x) prior to 6.x-2.0. A URL matching flaw caused HTTP to be used instead of HTTPS, potentially exposing sensitive data via crafted pages. Remediation is to upgrade to Secure Pages 6.x-2.0. The Drupal core is not affected.
SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data
The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...