RSS   Vulnerabilities for 'Restws'   RSS

2014-04-06
 
CVE-2013-1946

CWE-20
 

 
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."

 
2013-03-19
 
CVE-2013-0205

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.

 
2012-12-03
 
CVE-2012-5556

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

 

 >>> Vendor: Restful web services project 2 Products
Restws
Restful web services


Copyright 2024, cxsecurity.com

 

Back to Top