NVD

Id
26629  
Name
CVE-2015-5490  
Description
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2015-08-18  
Modified Date
2016-11-28  
Seq
2015-5490  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
140899 26629 CVE-2015-5490 http://cgit.drupalcode.org/views/commit/?id=cef693b  View
140900 26629 CVE-2015-5490 [oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)  View
140901 26629 CVE-2015-5490 74462  View
140902 26629 CVE-2015-5490 https://www.drupal.org/node/2475669  View
140903 26629 CVE-2015-5490 https://www.drupal.org/node/2480259  View
140904 26629 CVE-2015-5490 https://www.drupal.org/node/2480327  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9051 JVNDB-2015-004371 Drupal 用 Views モジュールの includes/cache.inc の _views_fetch_data メソッドにおける意図したフィルターを回避される脆弱性 Drupal 用 Views モジュールの includes/cache.inc の _views_fetch_data メソッドは、静的キャッシュ (static cache) が空でない場合、フルキャッシュを再構築しないため、意図したフィルターを回避され、隠れたコンテンツのアクセス権を取得される脆弱性が存在します。 CVE-2015-5490 82715 CVE-2015-5490 26629 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004371.html 2015-04-29 2015-08-25 View