Vulnerability Description
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Services Project | Services | 7.x-3.9 |
Related Weaknesses (CWE)
References
- https://www.drupal.org/node/2344389Vendor Advisory
- https://www.drupal.org/node/2344423Vendor Advisory
- https://www.drupal.org/node/2344389Vendor Advisory
- https://www.drupal.org/node/2344423Vendor Advisory
FAQ
What is CVE-2014-9151?
CVE-2014-9151 is a vulnerability with a CVSS score of 7.5 (HIGH). The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...
How severe is CVE-2014-9151?
CVE-2014-9151 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9151?
Check the references section above for vendor advisories and patch information. Affected products include: Services Project Services.