Vulnerability CVE-2015-3373


Published: 2015-04-21

Description:
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Amazon aws project -> Amazon aws 

 References:
http://cgit.drupalcode.org/aws_amazon/commit/?id=9377a26
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/74277
https://www.drupal.org/node/2415457
https://www.drupal.org/node/2415873

Copyright 2022, cxsecurity.com

 

Back to Top