Back to search
CVE-2009-4533
Published: Dec 31, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
36708
vdb-entry
x_refsource_BID
37021
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2923
vdb-entry
x_refsource_VUPEN
http://drupal.org/node/604920
x_refsource_CONFIRM
http://drupal.org/node/604942
x_refsource_CONFIRM
http://drupal.org/node/604922
x_refsource_CONFIRM
58946
vdb-entry
x_refsource_OSVDB
drupal-webform-cache-info-disclosure(53797)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now