CVE-2008-6910 Information

Description

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13 a module for Drupal does not use timeouts for signed requests which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.

Reference

http://drupal.org/node/348295 http://osvdb.org/50743 http://www.securityfocus.com/bid/32894 https://exchange.xforce.ibmcloud.com/vulnerabilities/52441