Published: 23/04/2014 Updated: 20/04/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal
debian debian linux 6.0
debian debian linux 7.0
debian debian linux 8.0

An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework When pages are cached for anonymous users, form state may leak between anonymous users Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same ti ...

CWE-200 https://drupal.org/SA-CORE-2014-002 http://www.openwall.com/lists/oss-security/2014/04/22/2 http://www.debian.org/security/2014/dsa-2914 http://www.debian.org/security/2014/dsa-2913 https://nvd.nist.gov https://www.debian.org/security/./dsa-2913

CVE-2014-2983

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect