Vulnerability Description
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pass2Pdf Project | Pass2Pdf | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74755
- https://www.drupal.org/node/2492205PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74755
- https://www.drupal.org/node/2492205PatchVendor Advisory
FAQ
What is CVE-2015-5496?
CVE-2015-5496 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
How severe is CVE-2015-5496?
CVE-2015-5496 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5496?
Check the references section above for vendor advisories and patch information. Affected products include: Pass2Pdf Project Pass2Pdf.