Vulnerability Details CVE-2015-3366
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.2%
CVSS Severity
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/74273
- https://www.drupal.org/node/2411501
- https://www.drupal.org/node/2411523
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/74273
- https://www.drupal.org/node/2411501
- https://www.drupal.org/node/2411523
Products affected by CVE-2015-3366
-
cpe:2.3:a:alfresco:alfresco:-
-
cpe:2.3:a:alfresco:alfresco:6.x-1.0
-
cpe:2.3:a:alfresco:alfresco:6.x-1.1
-
cpe:2.3:a:alfresco:alfresco:6.x-1.2