CVE-2013-1946

Опубликовано: 06 апр. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."

Ссылки

http://www.openwall.com/lists/oss-security/2013/04/12/1
http://www.osvdb.org/92259
https://drupal.org/node/1966752
https://drupal.org/node/1966758
Patch
Vendor Advisory
https://drupal.org/node/1966780
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/04/12/1
http://www.osvdb.org/92259
https://drupal.org/node/1966752
https://drupal.org/node/1966758
Patch
Vendor Advisory
https://drupal.org/node/1966780
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00476

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-vp7c-82j8-vfqp

github

около 3 лет назад