Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2983

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2983
Last Modified 24 Apr 2014 01:26:33
Published 23 Apr 2014 11:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2983

Summary

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Vulnerable Systems

Application

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.10

  • Drupal 6.11

  • Drupal 6.12

  • Drupal 6.13

  • Drupal 6.14

  • Drupal 6.15

  • Drupal 6.16

  • Drupal 6.17

  • Drupal 6.18

  • Drupal 6.19

  • Drupal 6.2

  • Drupal 6.20

  • Drupal 6.21

  • Drupal 6.22

  • Drupal 6.23

  • Drupal 6.24

  • Drupal 6.25

  • Drupal 6.26

  • Drupal 6.27

  • Drupal 6.28

  • Drupal 6.29

  • Drupal 6.3

  • Drupal 6.30

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.10

  • Drupal 7.11

  • Drupal 7.12

  • Drupal 7.13

  • Drupal 7.14

  • Drupal 7.15

  • Drupal 7.16

  • Drupal 7.17

  • Drupal 7.18

  • Drupal 7.19

  • Drupal 7.2

  • Drupal 7.20

  • Drupal 7.21

  • Drupal 7.22

  • Drupal 7.23

  • Drupal 7.24

  • Drupal 7.25

  • Drupal 7.26


References

CONFIRM - https://drupal.org/SA-CORE-2014-002

MLIST - [oss-security] 20140421 Re: CVE Request for Drupal Core


Last Updated: 27 May 2016 11:05:05