Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/node/1840740
Patch x_refsource_confirm
http://drupal.org/node/1840722
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/20/4
Patch x_refsource_confirm
http://drupal.org/node/1840728
Scores
EPSS
0.0064
EPSS Percentile
46.5%
Details
CWE
CWE-352
Status
published
Products (4)
restful_web_services_project/restful_web_services
7.x-1.0 (3 CPE variants)
restful_web_services_project/restful_web_services
7.x-1.x dev
restful_web_services_project/restful_web_services
7.x-2.0 alpha1 (2 CPE variants)
restful_web_services_project/restful_web_services
7.x-2.x dev
Published
Dec 03, 2012
Tracked Since
Feb 18, 2026