Vulnerability Description
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Views Project | Views | 7.x-3.5 |
Related Weaknesses (CWE)
References
- http://cgit.drupalcode.org/views/commit/?id=cef693b
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74462
- https://www.drupal.org/node/2475669 (Exploit)
- https://www.drupal.org/node/2480259 (Patch)
- https://www.drupal.org/node/2480327 (Patch, Vendor Advisory)
FAQ
What is CVE-2015-5490?
CVE-2015-5490 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attacke...
How severe is CVE-2015-5490?
CVE-2015-5490 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5490?
Check the references section above for vendor advisories and patch information. Affected products include: Views Project Views.