CVE-2015-5505 - Code vulnerability in Codfront Labs Http Strict Transport Security
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/07/04/4
- http://www.securityfocus.com/bid/75276
- http://www.securitytracker.com/id/1037633
- https://www.drupal.org/node/2507539
- https://www.drupal.org/node/2507543
- https://www.drupal.org/node/2507563