PT-2015-7720 · Drupal+1 · Url Login+2

Publicado

2015-11-06

Atualizado

2015-11-09

CVE-2015-8082

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Drupal Login Disable module versions 6.x-1.x before 6.x-1.1 Drupal Login Disable module versions 7.x-1.x before 7.x-1.2

Description The issue allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module. This can be demonstrated by the CAS and URL Login modules, which do not properly load the user logout function.

Recommendations For Drupal Login Disable module version 6.x-1.x, update to version 6.x-1.1 or later. For Drupal Login Disable module version 7.x-1.x, update to version 7.x-1.2 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

CVE-2015-8082

Produtos afetados

Cas

Drupal Login Disable

Url Login

PT-2015-7720 · Drupal+1 · Url Login+2

CVE-2015-8082

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6