Lucene search

[email protected]CVE-2007-0658

HistoryFeb 01, 2007 - 10:28 p.m.

CVE-2007-0658

2007-02-0122:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

drupal

textimage

captcha

remote code execution

cve-2007-0658

security vulnerability

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.083 Low

EPSS

Percentile

94.3%

JSON

The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

CPENameOperatorVersion
drupal:drupaldrupaleq4.7.2
drupal:textimagedrupal textimageeq4.7
drupal:drupaldrupaleq4.7.5
drupal:drupaldrupaleq4.7.3
drupal:drupaldrupaleq5.0
drupal:drupaldrupaleq4.7_rev1.15
drupal:drupaldrupaleq4.7
drupal:drupaldrupaleq4.7.6
drupal:drupaldrupaleq5.1
drupal:drupaldrupaleq4.7.4

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	4.7.2
drupal:textimage	drupal textimage	eq	4.7
drupal:drupal	drupal	eq	4.7.5
drupal:drupal	drupal	eq	4.7.3
drupal:drupal	drupal	eq	5.0
drupal:drupal	drupal	eq	4.7_rev1.15
drupal:drupal	drupal	eq	4.7
drupal:drupal	drupal	eq	4.7.6
drupal:drupal	drupal	eq	5.1
drupal:drupal	drupal	eq	4.7.4

Rows per page:

1-10 of 121

References

cvs.drupal.org/viewcvs/drupal/contributions/modules/captcha/captcha.module?r1=1.25.2.1&r2=1.25.2.2

cvs.drupal.org/viewcvs/drupal/contributions/modules/textimage/captcha.inc?r1=1.1&r2=1.1.2.1

drupal.org/node/114364

drupal.org/node/114519

osvdb.org/32137

osvdb.org/32138

secunia.com/advisories/23983

secunia.com/advisories/23985

www.securityfocus.com/bid/22329

www.vupen.com/english/advisories/2007/0431

exchange.xforce.ibmcloud.com/vulnerabilities/31984

exchange.xforce.ibmcloud.com/vulnerabilities/31994

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.083 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2007-0658

prion1 nessus1 securityvulns1