CVE-2009-2374
Last modified
CVE-2009-2374 is a vulnerability of currently unknown severity. Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.. EPSS estimates a 1.40% chance of exploitation in the next 30 days.
Description
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 5.0, < 5.19 |
| Drupal | Drupal | >= 6.0, < 6.13 |
References
- http://drupal.org/node/507572Patch, Vendor Advisory
- http://osvdb.org/55524Broken Link, Patch
- http://secunia.com/advisories/35657Third Party Advisory
- http://secunia.com/advisories/35681Third Party Advisory
- http://drupal.org/node/507572Patch, Vendor Advisory
- http://osvdb.org/55524Broken Link, Patch
- http://secunia.com/advisories/35657Third Party Advisory
- http://secunia.com/advisories/35681Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-2374?
How severe is CVE-2009-2374?
How do I fix CVE-2009-2374?
Are you affected by CVE-2009-2374?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST