CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5505

The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.6%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-5505

Codfront Labs » Http Strict Transport Security » Version: 6.x-1.0

cpe:2.3:a:codfront_labs:http_strict_transport_security:6.x-1.0
Codfront Labs » Http Strict Transport Security » Version: 6.x-1.x

cpe:2.3:a:codfront_labs:http_strict_transport_security:6.x-1.x
Codfront Labs » Http Strict Transport Security » Version: 7.x-1.0

cpe:2.3:a:codfront_labs:http_strict_transport_security:7.x-1.0
Codfront Labs » Http Strict Transport Security » Version: 7.x-1.1

cpe:2.3:a:codfront_labs:http_strict_transport_security:7.x-1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5505

Products

Pricing

Contact Us