The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
AV:N/AC:M/Au:N/C:N/I:N/A:PDrupal
APPDrupalwszystkie wersjeRestful Web Services Project Restful Web Services
APPRestful Web Services Project7.x-1.17.x-1.27.x-2.0
Related vulnerabilities
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentiall...
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to ex...
Deserializacja niezaufanych danych w Drupal Core umożliwia RCE
Deserialization podatności w Drupal Core umożliwiająca RCE (Object Injection)
Deserialization gadget chain w Drupal Core umożliwiający RCE