Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Remediation

References

CVE-2014-2983

Related Vulnerabilities

WordPress Plugin Secure HTML5 Video Player Cross-Site Scripting (3.3)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-9120)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9912)

Perl Numeric Errors Vulnerability (CVE-2011-2939)

WordPress Plugin Rockhoist Ratings SQL Injection (1.2.1)

Severity

Medium

Classification

CVE-2014-2983 CWE-200

Tags

Missing Update Known Vulnerabilities