CVE-2015-5490
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
18/08/2015
Last modified:
12/04/2025
Description
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:* | ||
| cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:* | ||
| cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:* | ||
| cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:* | ||
| cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cgit.drupalcode.org/views/commit/?id=cef693b
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74462
- https://www.drupal.org/node/2475669
- https://www.drupal.org/node/2480259
- https://www.drupal.org/node/2480327
- http://cgit.drupalcode.org/views/commit/?id=cef693b
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/74462
- https://www.drupal.org/node/2475669
- https://www.drupal.org/node/2480259
- https://www.drupal.org/node/2480327