CVE-2013-1946
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0048 (0.5%)
Percentile: 64.9%
EPSS: 2026-05-06
Affects
restful_web_services_project:restful_web_servicesdrupal:drupalTechnical description
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
Published: 4/6/2014, 4:55:06 PM
Last modified: 5/6/2026, 10:30:45 PM