2 matches found
CVE-2015-3373
CVE-2015-3373 affects the Drupal Amazon AWS contributed module prior to version 7.x-1.3. The vulnerability stems from generating an access token using the base URL and AWS access key, enabling remote attackers to guess the token value and trigger creation of backups via a crafted URL. Affected pr...
SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
Amazon AWS module provides integration with Amazon Web Services AWS. A malicious user could potentially guess an access token and trigger the creation of new backups by making a request to a specially-crafted URL. If the number of stored backups was limited, an attacker could exceed the limit by...