FKIE_CVE-2015-5490

Vulnerability from fkie_nvd - Published: 2015-08-18 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
References
cve@mitre.orghttp://cgit.drupalcode.org/views/commit/?id=cef693b
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2015/07/04/4
cve@mitre.orghttp://www.securityfocus.com/bid/74462
cve@mitre.orghttps://www.drupal.org/node/2475669Exploit
cve@mitre.orghttps://www.drupal.org/node/2480259Patch
cve@mitre.orghttps://www.drupal.org/node/2480327Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://cgit.drupalcode.org/views/commit/?id=cef693b
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/07/04/4
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74462
af854a3a-2127-422b-91ae-364da2661108https://www.drupal.org/node/2475669Exploit
af854a3a-2127-422b-91ae-364da2661108https://www.drupal.org/node/2480259Patch
af854a3a-2127-422b-91ae-364da2661108https://www.drupal.org/node/2480327Patch, Vendor Advisory
Impacted products
Vendor Product Version
views_project views 7.x-3.5
views_project views 7.x-3.6
views_project views 7.x-3.7
views_project views 7.x-3.8
views_project views 7.x-3.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "15890CE7-5208-4DD1-BCAC-2809091145D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "2D7AEF4E-57D4-4126-B013-0E9EA29F1875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "013171AE-1195-496C-AF2E-450DA98A2D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "F1D695A3-33F1-4E15-BA91-AF7A3C153D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "17D783C7-6DC2-4113-BA1E-021162A302DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el m\u00e9todo _views_fetch_data en includes/cache.inc en el m\u00f3dulo Views 7.x-3.5 hasta 7.x-3.10 para Drupal, no reconstruye la cach\u00e9 completa si la cach\u00e9 est\u00e1tica no est\u00e1 vac\u00eda, lo que permite a atacantes remotos eludir los filtros previstos y obtener acceso a contenido oculto a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5490",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-18T17:59:31.833",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74462"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.drupal.org/node/2475669"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2480259"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2480327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.drupal.org/node/2475669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2480259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2480327"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.