3 matches found
CVE-2015-4345
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2015-4345
CVE-2015-4345 affects Drupal's RESTful Web Services RESTWS module (Drupal 7.x). The vulnerability is in the Basic Auth submodule: RESTWS 7.x-1.x versions before 7.x-1.5 and 7.x-2.x before 7.x-2.3 cache pages for authenticated requests, which can lead to information disclosure of potentially sensi...
SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The RESTWS Basic Auth submodule doesn't sufficiently disable page caching for authenticated requests thereby leaking potentially...