Vulnerability

Drupal Core Password Reset URL Access Bypass Vulnerability (CVE-2015-2559)

Publish date: July 21, 2015

SEVERITY

CRITICAL

//  ADVISORY DATE

21 JUL 2015


DESCRIPTION

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

Trend Micro Deep Security DPI Rule Number: 1006607

Featured Stories

Connect with us on