PT-2009-6225 · Drupal · Drupal Services Module

Published

2009-11-20

Updated

2017-08-17

CVE-2009-4044

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Drupal Web Services module version 6.x

Description The issue concerns the Web Services module for Drupal, which fails to enforce proper access control. This allows remote attackers to exploit an API, although the specific vectors used are not detailed.

Recommendations For Drupal Web Services module version 6.x, update the module to a version that includes the necessary access control fixes.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-4044

Affected Products

Drupal Services Module

PT-2009-6225 · Drupal · Drupal Services Module

CVE-2009-4044

Weakness Enumeration

Related Identifiers

Affected Products

References · 5