Information disclosure in Drupal - CVE-2014-2983
Published: September 14, 2016 / Updated: September 15, 2016
Vulnerability identifier: #VU449
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-2983
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows attackers to gain access to potentially sensitive information.
The weakness is caused by improper checking of input and cache. If pages are cached for anonymous users, an interim form containing confidential or private data can easily be disclosed to users who interacted with the form at the time.
Successful exploitation of this vulnerability may allow a remote attacker to obtain potentially sensitive information.
How to mitigate CVE-2014-2983
Update 6.x to 6.31.
https://www.drupal.org/drupal-6.31-release-notes
Update 7.x to 7.27.
https://www.drupal.org/drupal-7.27-release-notes