3 matches found
CVE-2015-3349
Multiple cross-site request forgery CSRF vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 deploy or 2 delete an .htaccess file via unspecified vectors...
CVE-2015-3349
The CVE-2015-3349 entry concerns Drupal’s Htaccess module (7.x-2.x) with CSRF flaws that allow remote attackers to hijack administrator sessions to deploy or delete an .htaccess file. Affected: Htaccess module for Drupal 7.x, prior to 7.x-2.3. Root cause: Cross-site request forgery in the module’...
CVE-2015-3349
Multiple cross-site request forgery CSRF vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 deploy or 2 delete an .htaccess file via unspecified vectors...