Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://www.debian.org/security/2014/dsa-2913 | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-2914 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/04/22/2 | Mailing List Third Party Advisory |
| https://drupal.org/SA-CORE-2014-002 | Patch Vendor Advisory |
| http://www.debian.org/security/2014/dsa-2913 | Third Party Advisory |
| http://www.debian.org/security/2014/dsa-2914 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2014/04/22/2 | Mailing List Third Party Advisory |
| https://drupal.org/SA-CORE-2014-002 | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.debian.org/security/2014/dsa-2913 - Third Party Advisory | |
| References | () http://www.debian.org/security/2014/dsa-2914 - Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2014/04/22/2 - Mailing List, Third Party Advisory | |
| References | () https://drupal.org/SA-CORE-2014-002 - Patch, Vendor Advisory |
Information
Published : 2014-04-23 15:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2983
Mitre link : CVE-2014-2983
CVE.ORG link : CVE-2014-2983
JSON object : View
Products Affected
debian
- debian_linux
drupal
- drupal
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor