Drupal Core Password Reset URL Access Bypass Vulnerability (CVE-2015-2559)
Publish Date: 21 luglio 2015
Gravità: : Critico
Data notifica: 21 luglio 2015
Descrizione
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1006607