CVE-2014-9151

Services module 7.x-3.x < 7.x-3.10 - Unauthenticated Brute-Force Attack via Administrative Password

Title source: llm
STIX 2.1

Description

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.drupal.org/node/2344423
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2344389

Scores

EPSS 0.0140
EPSS Percentile 69.2%

Details

CWE
CWE-284
Status published
Products (1)
services_project/services 7.x-3.9
Published Dec 01, 2014
Tracked Since Feb 18, 2026