2 matches found
CVE-2015-5505
CVE-2015-5505 relates to Drupal’s contributed HTTP Strict Transport Security (HSTS) module. The module versions 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.2 do not correctly implement the include_subdomains directive, causing the HSTS policy not to be applied to subdomains. This is descr...
HTTP Strict Transport Security - Moderately Critical - Logical Error - SA-CONTRIB-2015-118
The contributed HSTS module makes it easy for site administrators to implement HTTP Strict Transport Security HSTS by setting the Strict-Transport-Security header on each page generated by Drupal. HSTS module provides a configuration UI for the HSTS "include subdomains" directive, which indicates...