Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1946

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-1946
Last Modified 07 Apr 2014 01:00:55
Published 06 Apr 2014 12:55:06
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1946

Summary

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."

Vulnerable Systems

Application

  • Restful Web Services Project Restws 7.x-1.0

  • Restful Web Services Project Restws 7.x-1.1

  • Restful Web Services Project Restws 7.x-1.2

  • Restful Web Services Project Restws 7.x-2.0


References

MISC - https://drupal.org/node/1966780

CONFIRM - https://drupal.org/node/1966758

CONFIRM - https://drupal.org/node/1966752

OSVDB - 92259

MLIST - [oss-security] 20130412 Re: CVE request for Drupal contributed modules


Last Updated: 27 May 2016 11:04:52