Lucene search
Ubuntu.comUB:CVE-2009-2374HistoryJul 08, 2009 - 12:00 a.m.
CVE-2009-2374
2009-07-0800:00:00
ubuntu.com
ubuntu.com
10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
60.8%
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize
failed login attempts for pages that contain a sortable table, which
includes the username and password in links that can be read from (1) the
HTTP referer header of external web sites that are visited from those links
or (2) when page caching is enabled, the Drupal page cache.
Notes
| Author | Note |
|---|---|
| mdeslaur | SA-CORE-2009-007 |
Related
nvd
nvd
CVE-2009-2374
2009-07-08 15:30:01
openvas
openvas
Drupal Information Disclosure Vulnerability
2009-07-15 00:00:00
Debian: Security Advisory (DSA-1930-1)
2009-11-11 00:00:00
Debian Security Advisory DSA 1930-1 (drupal6)
2009-11-11 00:00:00
cvelist
cvelist
CVE-2009-2374
2009-07-08 15:00:00
prion
prion
Default credentials
2009-07-08 15:30:00
cve
cve
CVE-2009-2374
2009-07-08 15:30:01
debian
debian
[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities
2009-11-07 00:46:57
nessus
nessus
Debian DSA-1930-1 : drupal6 - several vulnerabilities
2010-02-24 00:00:00
osv
osv
drupal6 - several vulnerabilities
2009-11-07 00:00:00
freebsd
freebsd
drupal -- multiple vulnerabilities
2009-07-01 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
60.8%
Related for UB:CVE-2009-2374