Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal HTTP Strict Transport Security模块权限许可和访问控制漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。HTTP Strict Transport Security(HSTS)是其中的一个新的Web安全协议模块。 Drupal HSTS模块6.x-1.1之前6.x-1.x版本和7.x-1.2之前7.x-1.x版本中存在安全漏洞,该漏洞源于程序没有正确实现‘include subdomains’指令。攻击者可利用该漏洞实施中间人攻击,使HSTS策略不能应用到子域。
CVSS Information
N/A
Vulnerability Type
N/A