CVE-2014-8735

Severity CVSS v4.0:

Pending analysis

Type:

CWE-200 Information Leak / Disclosure

Publication date:

12/11/2014

Last modified:

12/04/2025

Description

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file.

Impact

Vector 2.0

AV:N/AC:L/Au:S/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.00 MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

4.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc1::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc2::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.x:dev::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.1:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2:rc14::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.13:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.14:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.113:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.114:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.115:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.116:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.200:rc14::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.214:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.215:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.216:::::drupal::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc1::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.0:rc2::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-1.x:dev::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.1:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.2:rc14::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.13:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.14:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.113:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.114:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.115:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.116:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.200:rc14::::drupal::*
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.214:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.215:::::drupal::
cpe:2.3:a:bad_behavior_project:bad_behavior:6.x-2.216:::::drupal::

CVE-2014-8735

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools