5 matches found
Debian DSA-2913-1 : drupal7 - security update
An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to othe...
[SECURITY] [DSA 2914-1] drupal6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2914-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2913-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...
CVE-2014-2983
CVE-2014-2983 affects Drupal 6.x before 6.31 and 7.x before 7.27. The issue is an information disclosure where cached data from anonymous users is not properly isolated, potentially allowing remote anonymous users to access sensitive interim form input information in opportunistic scenarios via u...
SA-CORE-2014-002 - Drupal core - Information Disclosure
Drupal's form API has built-in support for temporary storage of form state, for example user input. This is often used on multi-step forms, and is required on Ajax-enabled forms in order to allow the Ajax calls to access and update interim user input on the server. When pages are cached for...