CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Percentile: 60.8%

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize
failed login attempts on pages that contain a sortable table. As a result,
the username and password are included in links, where they can be read from
(1) the HTTP Referer header sent to external web sites that are visited from
those links or (2) the Drupal page cache, when page caching is enabled.

Author | Note |
---|---|
mdeslaur | SA-CORE-2009-007 |