Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by htaccess_project
CVE-2015-3349 (GCVE-0-2015-3349)
Vulnerability from cvelistv5 – Published: 2015-04-21 16:00 – Updated: 2024-08-06 05:47
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.drupal.org/node/2402825 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/71928 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/01/29/6 | mailing-listx_refsource_MLIST |
| https://www.drupal.org/node/2403445 | x_refsource_MISC |
Date Public
2015-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2402825"
},
{
"name": "71928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71928"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2403445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2402825"
},
{
"name": "71928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71928"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2403445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2402825",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2402825"
},
{
"name": "71928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71928"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
},
{
"name": "https://www.drupal.org/node/2403445",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2403445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3349",
"datePublished": "2015-04-21T16:00:00.000Z",
"dateReserved": "2015-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}