Information Disclosure in Menu Links in Drupal - CVE-2015-6661
Published: September 14, 2016
Vulnerability identifier: #VU430
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-6661
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerabiity allows an unathenticated user to obtain potentially sensitive infromation.
The weakness exists due to malicious user's possibility to see the titles of nodes which he wasn't allowed to see before.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive data.
The weakness exists due to malicious user's possibility to see the titles of nodes which he wasn't allowed to see before.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive data.
How to mitigate CVE-2015-6661
Update 6.x to 6.37.
https://www.drupal.org/drupal-6.37-release-notes
Update 7.x to 7.39.
https://www.drupal.org/drupal-7.39-release-notes
https://www.drupal.org/drupal-6.37-release-notes
Update 7.x to 7.39.
https://www.drupal.org/drupal-7.39-release-notes