MidnightBSD

Advisories for codfront_labs

CVE-2015-5505 MEDIUM

The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17

Products Affected

Vendor         Product                         Version
codfront_labs  http_strict_transport_security  6.x-1.x
codfront_labs  http_strict_transport_security  7.x-1.1
codfront_labs  http_strict_transport_security  7.x-1.0
codfront_labs  http_strict_transport_security  6.x-1.0