exploitDog

CVE-2009-2374

Published: 08 Jul 2009
Source: nvd
CVSS2: 4.3
EPSS: Low

Description

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Versions from 5.0 (inclusive) up to 5.19 (exclusive)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Versions from 6.0 (inclusive) up to 6.13 (exclusive)

EPSS

Percentile: 53%
0.003
Low

4.3 Medium

CVSS2

Weaknesses

CWE-255

Related vulnerabilities

ubuntu
about 16 years ago

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

debian
about 16 years ago

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...

github
more than 3 years ago

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
