FEDORA-EPEL-2009-0001 created by ausil 12 years ago for Fedora EPEL 5
stable

When an anonymous user fails to log in because of a mistyped username or password, and the page he is on contains a sortable table, the (incorrect) username and password are included in the links on the table. If the user follows these links, the password may then be leaked to external sites via the HTTP referer. In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user might be able to retrieve the "incorrect" username and password from the page cache. See http://drupal.org/node/507572
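The link-building pattern described above, next to a hardened form, as an added sketch that is not Drupal's or this package's own code. The form field names (`name`, `pass`, `form_id`), the allowlist and the sample request are assumptions constructed for the illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed request: a failed login POST sent from a page showing a sortable table.
# All keys and values here are assumptions made up for this example.
SAMPLE_GET = {"page": "2", "sort": "asc", "order": "Title"}
SAMPLE_POST = {"name": "alice", "pass": "hunter2-typo", "form_id": "login_block"}

SORT_KEYS = ("sort", "order")
ALLOWED_PASSTHROUGH = frozenset({"page"})  # hypothetical allowlist of safe GET keys


def sort_link_vulnerable(path, get, post, column, direction):
    """Flawed pattern: every request parameter, POST body included,
    is carried over into the table header link."""
    params = {**get, **post}
    params = {k: v for k, v in params.items() if k not in SORT_KEYS}
    params.update({"sort": direction, "order": column})
    return f"{path}?{urlencode(params)}"


def sort_link_hardened(path, get, post, column, direction):
    """Carry over only allowlisted keys, and only from the URL query string.
    The POST data is accepted solely to show that it is ignored."""
    params = {k: v for k, v in get.items() if k in ALLOWED_PASSTHROUGH}
    params.update({"sort": direction, "order": column})
    return f"{path}?{urlencode(params)}"


def leaked_fields(link, submitted):
    """Return the names of submitted form fields whose values appear in the link."""
    query = parse_qs(urlsplit(link).query)
    values = {v for vals in query.values() for v in vals}
    return sorted(k for k, v in submitted.items() if v in values)


if __name__ == "__main__":
    for build in (sort_link_vulnerable, sort_link_hardened):
        link = build("/admin/content", SAMPLE_GET, SAMPLE_POST, "Author", "desc")
        print(build.__name__, link, leaked_fields(link, SAMPLE_POST))
```

Any value that ends up in a link's query string is also written to the cached page and sent in the Referer header when the link is followed, which is why the hardened builder never reads the POST body.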

This update has been pushed to stable

12 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 12 years ago
in stable: 12 years ago
