CVE-2013-0205
Published Mar 19, 2013
Last updated 3 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:*:*:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "41F98DA2-052C-4FB0-B03F-67A099C5F918",
"versionEndExcluding": "7.x-1.2",
"versionStartIncluding": "7.x-1.0"
},
{
"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:-:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "8B9DF868-6AEB-46F1-8AFF-38E816BC009A"
},
{
"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha1:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "B514E25A-AA3B-4FDB-B2D5-D90CCB1E5D3C"
},
{
"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha2:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "3026D944-0FF7-4F84-BC41-A6FF5B368A3D"
},
{
"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha3:*:*:*:drupal:*:*",
"vulnerable": true,
"matchCriteriaId": "32B60142-D4F5-4F73-8CE3-6CC9EC39F5D4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "08E6CE0C-634D-4157-AA07-CCAB72238AC7",
"versionEndIncluding": "7.82",
"versionStartIncluding": "7.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]