Vulnerability Details : CVE-2014-8735
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.
Vulnerability category: Information leak
Products affected by CVE-2014-8735
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.116:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.200:rc14:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.214:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.215:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2213:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2214:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2215:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.220:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2215:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2216:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.x:dev:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc1:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.113:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.115:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.216:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.220:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.228:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2211:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.222:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.225:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2211:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2213:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc2:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.x:dev:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.1:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2:rc14:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.13:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.222:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.223:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.225:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.226:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.226:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.227:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.228:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2210:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.14:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.114:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.217:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.221:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.227:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2210:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2212:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.221:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.223:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2212:*:*:*:*:drupal:*:*
- cpe:2.3:a:bad_behavior_project:bad_behavior:7.x-2.2214:*:*:*:*:drupal:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8735
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8735
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-8735
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8735
-
https://www.drupal.org/node/2360953
Access to this page has been denied.Patch;Third Party Advisory
-
https://www.drupal.org/node/2360955
Access to this page has been denied.Patch;Third Party Advisory
-
https://www.drupal.org/node/2361611
Access to this page has been denied.Patch;Third Party Advisory
Jump to