#VU430 Information Disclosure in Menu Links in Drupal - CVE-2015-6661
Published: September 14, 2016
Vulnerability identifier: #VU430
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-6661
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Drupal
Drupal
Software vendor:
Drupal
Drupal
Description
The vulnerabiity allows an unathenticated user to obtain potentially sensitive infromation.
The weakness exists due to malicious user's possibility to see the titles of nodes which he wasn't allowed to see before.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive data.
The weakness exists due to malicious user's possibility to see the titles of nodes which he wasn't allowed to see before.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive data.
Remediation
Update 6.x to 6.37.
https://www.drupal.org/drupal-6.37-release-notes
Update 7.x to 7.39.
https://www.drupal.org/drupal-7.39-release-notes
https://www.drupal.org/drupal-6.37-release-notes
Update 7.x to 7.39.
https://www.drupal.org/drupal-7.39-release-notes