Security Advisory

CVE-2008-6910

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-08-06 18:00:00

Last updated 2024-08-07 11:49:02

Assigner mitre

State PUBLISHED

Description

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.

← Browse all CVEs View on cve.org ↗