CVE-2014-9151
Services module 7.x-3.x < 7.x-3.10 - Unauthenticated Brute-Force Attack via Administrative Password
Title source: llmDescription
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.drupal.org/node/2344423
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2344389
Scores
EPSS
0.0140
EPSS Percentile
69.2%
Details
CWE
CWE-284
Status
published
Products (1)
services_project/services
7.x-3.9
Published
Dec 01, 2014
Tracked Since
Feb 18, 2026