Home > Vulnerability Database > CVE-2009-2374

Mend.io Vulnerability Database

CVE-2009-2374

Date: July 8, 2009

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

Severity Score

3.7

Related Resources (7)

Url: http://secunia.com/advisories/35657

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-2374

Url: http://secunia.com/advisories/35681

Url: http://drupal.org/node/507572

Url: http://osvdb.org/55524

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2374

Url: https://www.mend.io/vulnerability-database/CVE-2009-2374

Severity Score

3.7

Weakness Type (CWE)

Credentials Management

CWE-255

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-2374

Date: July 8, 2009

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?