4.3
CVE-2013-1946
- EPSS 0.48%
- Veröffentlicht 06.04.2014 16:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Restful Web Services Project ≫ Restful Web Services Version7.x-1.1
Restful Web Services Project ≫ Restful Web Services Version7.x-1.2
Restful Web Services Project ≫ Restful Web Services Version7.x-2.0 Updatealpha3
Restful Web Services Project ≫ Restful Web Services Version7.x-2.0 Updatealpha4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.62 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.