| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Spider Video Player Module on Drupal. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes access control (File). This vulnerability is handled as CVE-2015-4351. There is not any exploit available.
Details
A vulnerability has been found in Spider Video Player Module on Drupal (Multimedia Player Software) (version unknown) and classified as problematic. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a access control vulnerability (File). The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect availability. The summary by CVE is:
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
The weakness was released 06/15/2015 by Security Team with Drupal Security Team (Website). The advisory is shared at drupal.org. This vulnerability is known as CVE-2015-4351 since 06/05/2015. The attack can be launched remotely. The successful exploitation requires a single authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 72817†). Entry connected to this vulnerability is available at VDB-75902. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.3
VulDB Base Score: 4.3
VulDB Temp Score: 4.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: FileClass: Access control / File
CWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
02/27/2015 🔍06/05/2015 🔍
06/15/2015 🔍
06/15/2015 🔍
06/16/2015 🔍
04/06/2019 🔍
Sources
Advisory: drupal.orgResearcher: Security Team
Organization: Drupal Security Team
Status: Not defined
CVE: CVE-2015-4351 (🔍)
GCVE (CVE): GCVE-0-2015-4351
GCVE (VulDB): GCVE-100-75901
SecurityFocus: 72817 - Spider Video Player Module Arbitrary File Deletion and Cross Site Request Forgery Vulnerabilities
See also: 🔍
Entry
Created: 06/16/2015 10:16Updated: 04/06/2019 17:34
Changes: 06/16/2015 10:16 (52), 04/06/2019 17:34 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.