CVE-2015-4345

RESTful Web Services 7.x-1.x < 7.x-1.5 and 7.x-2.x < 7.x-2.3 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72676
Patch x_refsource_confirm
https://www.drupal.org/node/2428857
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/04/25/6
Patch x_refsource_confirm
https://www.drupal.org/node/2428855
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2428863

Scores

EPSS 0.0140
EPSS Percentile 69.2%

Details

CWE
CWE-200
Status published
Products (8)
restful_web_services_project/restful_web_services 7.x-1.0
restful_web_services_project/restful_web_services 7.x-1.1
restful_web_services_project/restful_web_services 7.x-1.2
restful_web_services_project/restful_web_services 7.x-1.3
restful_web_services_project/restful_web_services 7.x-1.4
restful_web_services_project/restful_web_services 7.x-2.0
restful_web_services_project/restful_web_services 7.x-2.1
restful_web_services_project/restful_web_services 7.x-2.2
Published Jun 15, 2015
Tracked Since Feb 18, 2026