Main Vulnerability Database SB2015092617

SB2015092617 - Debian update for drupal6

Published: September 26, 2015

Security Bulletin ID SB2015092617

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2014-2983)

The vulnerability allows attackers to get access to potentially sensitive information.
The weakness is caused by improper checking of input and cache. If the pages are cached for anonymous users an interim form containing confidential or private data can be easily disclosed to the users interacted with the form at the time.
Successful exploitation of this vulnerability may allow a remote attacker to obtain potentially sensitive information.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/SA-CORE-2014-002