CVE-2008-6908

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
marc_ingramservices
5.x-0.9:x
marc_ingramservices
5.x-0.91:x
marc_ingramservices
5.x-1.x-dev:x
marc_ingramservices
6.x-0.9:x
marc_ingramservices
6.x-0.11:x
marc_ingramservices
6.x-0.12:x
marc_ingramservices
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/348295
http://osvdb.org/50743
http://www.securityfocus.com/bid/32894
https://exchange.xforce.ibmcloud.com/vulnerabilities/47458
http://drupal.org/node/348295
http://osvdb.org/50743
http://www.securityfocus.com/bid/32894
https://exchange.xforce.ibmcloud.com/vulnerabilities/47458