CVE-2015-5490

Sažetak

The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.

Reference

http://cgit.drupalcode.org/views/commit/?id=cef693b
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/74462
https://www.drupal.org/node/2475669
https://www.drupal.org/node/2480259
https://www.drupal.org/node/2480327

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-11-2016 - 19:33

Objavljeno

18-08-2015 - 17:59