6.8

CVE-2013-0205

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Restful Web Services ProjectRestful Web Services SwPlatformdrupal Version >= 7.x-1.0 < 7.x-1.2
   DrupalDrupal Version >= 7.0 <= 7.82
Restful Web Services ProjectRestful Web Services Version7.x-2.0 Update- SwPlatformdrupal
   DrupalDrupal Version >= 7.0 <= 7.82
Restful Web Services ProjectRestful Web Services Version7.x-2.0 Updatealpha1 SwPlatformdrupal
   DrupalDrupal Version >= 7.0 <= 7.82
Restful Web Services ProjectRestful Web Services Version7.x-2.0 Updatealpha2 SwPlatformdrupal
   DrupalDrupal Version >= 7.0 <= 7.82
Restful Web Services ProjectRestful Web Services Version7.x-2.0 Updatealpha3 SwPlatformdrupal
   DrupalDrupal Version >= 7.0 <= 7.82
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.472
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://www.openwall.com/lists/oss-security/2013/01/21/5
Third Party Advisory
Mailing List
https://drupal.org/node/1890212
Patch
Vendor Advisory
https://drupal.org/node/1890216
Patch
Vendor Advisory
https://drupal.org/node/1890222
Vendor Advisory