Vulnerability Details : CVE-2015-3373
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL.
Vulnerability category: Information leak
Products affected by CVE-2015-3373
- cpe:2.3:a:amazon_aws_project:amazon_aws:*:*:*:*:*:drupal:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3373
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3373
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-3373
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3373
-
http://www.securityfocus.com/bid/74277
Drupal Amazon AWS Module CVE-2015-3373 Access Bypass Vulnerability
-
https://www.drupal.org/node/2415873
Access to this page has been denied.Patch;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2015/01/29/6
oss-security - Re: CVEs for Drupal contributed modules - January 2015
-
http://cgit.drupalcode.org/aws_amazon/commit/?id=9377a26
Access bypass vulnerability (9377a267) · Commits · project / aws_amazon · GitLab
-
https://www.drupal.org/node/2415457
Access to this page has been denied.Patch
Jump to