Vulnerability Details CVE-2015-4344
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/72677
- https://www.drupal.org/node/2428851
- https://www.drupal.org/node/2444861
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/72677
- https://www.drupal.org/node/2428851
- https://www.drupal.org/node/2444861
Products affected by CVE-2015-4344
-
cpe:2.3:a:services_basic_authentication_project:services_basic_authentication:7.x-1.0
-
cpe:2.3:a:services_basic_authentication_project:services_basic_authentication:7.x-1.1
-
cpe:2.3:a:services_basic_authentication_project:services_basic_authentication:7.x-1.2
-
cpe:2.3:a:services_basic_authentication_project:services_basic_authentication:7.x-1.3