Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-2559

Опубликовано: 25 мар. 2015
Источник: debian

Описание

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
drupal7fixed7.32-1+deb8u2package
drupal6removedpackage
drupal6end-of-lifesqueezepackage

Примечания

  • https://www.drupal.org/SA-CORE-2015-001

  • http://cgit.drupalcode.org/drupal/commit/?id=8e54eca05a65c6231b02510e1917af0c9191e549

Связанные уязвимости

ubuntu
больше 10 лет назад

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

nvd
больше 10 лет назад

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

github
около 3 лет назад

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.