Vulnerabilities > CVE-2015-5505 - Code vulnerability in Codfront Labs Http Strict Transport Security

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

codfront-labs

CWE-17

NVD

Published: 2015-08-18

Updated: 2017-07-26

Summary

The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Codfront_Labs Codfront Labs Http Strict Transport Security 6.X-1.0 Codfront Labs Http Strict Transport Security 6.X-1.X Codfront Labs Http Strict Transport Security 7.X-1.0 Codfront Labs Http Strict Transport Security 7.X-1.1	6

Common Weakness Enumeration (CWE)

CWE-17 - Code

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References