Vulnerability Description
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Restful Web Services Project | Restful Web Services | 7.x-1.1 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/04/12/1
- http://www.osvdb.org/92259
- https://drupal.org/node/1966752
- https://drupal.org/node/1966758PatchVendor Advisory
- https://drupal.org/node/1966780PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2013/04/12/1
- http://www.osvdb.org/92259
- https://drupal.org/node/1966752
- https://drupal.org/node/1966758PatchVendor Advisory
- https://drupal.org/node/1966780PatchVendor Advisory
FAQ
What is CVE-2013-1946?
CVE-2013-1946 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows r...
How severe is CVE-2013-1946?
CVE-2013-1946 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1946?
Check the references section above for vendor advisories and patch information. Affected products include: Restful Web Services Project Restful Web Services, Drupal Drupal.