The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
AV:N/AC:L/Au:N/C:P/I:N/A:NRestful Web Services Project Restful Web Services
APPRestful Web Services Project7.x-1.07.x-1.17.x-1.27.x-1.37.x-1.47.x-2.07.x-2.17.x-2.2
Related vulnerabilities
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows For...
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not...
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, ...
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x...
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x...