CVE-2009-2374

N/A Unknown
Published: July 08, 2009 Modified: April 23, 2026

Description

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

References to Advisories, Solutions, and Tools

http://drupal.org/node/507572
Source: cve@mitre.org
Patch Vendor Advisory
http://osvdb.org/55524
Source: cve@mitre.org
Broken Link Patch
http://secunia.com/advisories/35657
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/35681
Source: cve@mitre.org
Third Party Advisory
http://drupal.org/node/507572
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://osvdb.org/55524
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://secunia.com/advisories/35657
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/35681
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
50th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

drupal