CVE-2013-1946 - Vulnerability Details - OpenCVE

The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Restful Web Services Project	Restful Web Services

Configuration 1 [-]

AND

OR	cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.1:::::::*
	cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.2:::::::*
	cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha3::::::
	cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha4::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2013/04/12/1
http://www.osvdb.org/92259
https://drupal.org/node/1966752
https://drupal.org/node/1966758
https://drupal.org/node/1966780

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-06T16:00:00

Updated: 2024-08-06T15:20:37.282Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1946

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-04-06T16:55:06.970

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-1946

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can \"interfere with Drupal's page cache.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-06T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "92259", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/92259"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/1966758"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/1966752"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/1966780"}, {"name": "[oss-security] 20130412 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/04/12/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1946", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can \"interfere with Drupal's page cache.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92259", "refsource": "OSVDB", "url": "http://www.osvdb.org/92259"}, {"name": "https://drupal.org/node/1966758", "refsource": "CONFIRM", "url": "https://drupal.org/node/1966758"}, {"name": "https://drupal.org/node/1966752", "refsource": "CONFIRM", "url": "https://drupal.org/node/1966752"}, {"name": "https://drupal.org/node/1966780", "refsource": "MISC", "url": "https://drupal.org/node/1966780"}, {"name": "[oss-security] 20130412 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/04/12/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.282Z"}, "title": "CVE Program Container", "references": [{"name": "92259", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/92259"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/1966758"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/1966752"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/1966780"}, {"name": "[oss-security] 20130412 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/04/12/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1946", "datePublished": "2014-04-06T16:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "33B0E327-B2E6-461C-8348-52D32DFFACC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D11CC28-9A03-4005-9CA4-DDD761716E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "E992D7B0-649D-4B30-9519-8C0F044E0318", "vulnerable": true}, {"criteria": "cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "242FB111-A4C7-4165-8F5F-B0B5EB3E8924", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can \"interfere with Drupal's page cache.\""}, {"lang": "es", "value": "El m\u00f3dulo RESTful Web Services (RESTWS) 7.x-1.x anterior a 7.x-1.3 y 7.x-2.x anterior a 7.x-2.0-alpha5 para Drupal, cuando el cacheo de la p\u00e1gina est\u00e1 habilitado y usuarios an\u00f3nimos se les asignan permisos RESTWS, permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una solicitud GET con una cabecera HTTP Accept configurada hacia un tipo no HTML, lo que puede \"interferir con el cacheo de p\u00e1gina de Drupal.\""}], "id": "CVE-2013-1946", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-06T16:55:06.970", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/04/12/1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/92259"}, {"source": "secalert@redhat.com", "url": "https://drupal.org/node/1966752"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/1966758"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/1966780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/04/12/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/92259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://drupal.org/node/1966752"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/1966758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/1966780"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}