Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2015-2559
Last Modified 01 Apr 2015 10:00:25
Published 25 Mar 2015 10:59:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2015-2559

Summary

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

Application

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.10

  • Drupal 6.11

  • Drupal 6.12

  • Drupal 6.13

  • Drupal 6.14

  • Drupal 6.15

  • Drupal 6.16

  • Drupal 6.17

  • Drupal 6.18

  • Drupal 6.19

  • Drupal 6.2

  • Drupal 6.20

  • Drupal 6.21

  • Drupal 6.22

  • Drupal 6.23

  • Drupal 6.24

  • Drupal 6.25

  • Drupal 6.26

  • Drupal 6.27

  • Drupal 6.28

  • Drupal 6.29

  • Drupal 6.3

  • Drupal 6.30

  • Drupal 6.31

  • Drupal 6.32

  • Drupal 6.33

  • Drupal 6.34

  • Drupal 6.4

  • Drupal 6.5

  • Drupal 6.6

  • Drupal 6.7

  • Drupal 6.8

  • Drupal 6.9

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.10

  • Drupal 7.11

  • Drupal 7.12

  • Drupal 7.13

  • Drupal 7.14

  • Drupal 7.15

  • Drupal 7.16

  • Drupal 7.17

  • Drupal 7.18

  • Drupal 7.19

  • Drupal 7.2

  • Drupal 7.20

  • Drupal 7.21

  • Drupal 7.22

  • Drupal 7.23

  • Drupal 7.24

  • Drupal 7.25

  • Drupal 7.26

  • Drupal 7.27

  • Drupal 7.28

  • Drupal 7.29

  • Drupal 7.3

  • Drupal 7.30

  • Drupal 7.33

  • Drupal 7.34

  • Drupal 7.4

  • Drupal 7.5

  • Drupal 7.6

  • Drupal 7.7

  • Drupal 7.8

  • Drupal 7.9


References

CONFIRM - https://www.drupal.org/SA-CORE-2015-001

DEBIAN - DSA-3200

BID - 73219


Last Updated: 27 May 2016 11:08:14