Lucene search

[email protected]CVE-2009-3207

HistorySep 16, 2009 - 5:30 p.m.

CVE-2009-3207

2009-09-1617:30:00

CWE-264

[email protected]

web.nvd.nist.gov

drupal

imagecache

cve-2009-3207

access control

remote attackers

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image’s filename.

Affected configurations

NVD

Node

drupaldrupal

AND

drewishimagecacheMatch5.x-1.0

drewishimagecacheMatch5.x-1.1

drewishimagecacheMatch5.x-1.2

drewishimagecacheMatch5.x-1.3

drewishimagecacheMatch5.x-1.4

drewishimagecacheMatch5.x-1.5

drewishimagecacheMatch5.x-1.6

drewishimagecacheMatch5.x-1.7

drewishimagecacheMatch5.x-1.xdev

drewishimagecacheMatch5.x-2.0

drewishimagecacheMatch5.x-2.0alpha

drewishimagecacheMatch5.x-2.0beta

drewishimagecacheMatch5.x-2.0rc1

drewishimagecacheMatch5.x-2.0rc2

drewishimagecacheMatch5.x-2.1

drewishimagecacheMatch5.x-2.2

drewishimagecacheMatch5.x-2.3

drewishimagecacheMatch5.x-2.4

drewishimagecacheMatch5.x-2.xdev

drewishimagecacheMatch6.x-1.0alpha1

drewishimagecacheMatch6.x-1.0alpha2

drewishimagecacheMatch6.x-2.0beta1

drewishimagecacheMatch6.x-2.0beta2

drewishimagecacheMatch6.x-2.0beta3

drewishimagecacheMatch6.x-2.0beta4

drewishimagecacheMatch6.x-2.0beta5

drewishimagecacheMatch6.x-2.0beta6

drewishimagecacheMatch6.x-2.0beta7

drewishimagecacheMatch6.x-2.0beta8

drewishimagecacheMatch6.x-2.0beta9

drewishimagecacheMatch6.x-2.x-dev

CPENameOperatorVersion
drewish:imagecachedrewish imagecacheeq5.x-1.0
drewish:imagecachedrewish imagecacheeq5.x-1.1
drewish:imagecachedrewish imagecacheeq5.x-1.2
drewish:imagecachedrewish imagecacheeq5.x-1.3
drewish:imagecachedrewish imagecacheeq5.x-1.4
drewish:imagecachedrewish imagecacheeq5.x-1.5
drewish:imagecachedrewish imagecacheeq5.x-1.6
drewish:imagecachedrewish imagecacheeq5.x-1.7
drewish:imagecachedrewish imagecacheeq5.x-1.x
drewish:imagecachedrewish imagecacheeq5.x-2.0

CPE	Name	Operator	Version
drewish:imagecache	drewish imagecache	eq	5.x-1.0
drewish:imagecache	drewish imagecache	eq	5.x-1.1
drewish:imagecache	drewish imagecache	eq	5.x-1.2
drewish:imagecache	drewish imagecache	eq	5.x-1.3
drewish:imagecache	drewish imagecache	eq	5.x-1.4
drewish:imagecache	drewish imagecache	eq	5.x-1.5
drewish:imagecache	drewish imagecache	eq	5.x-1.6
drewish:imagecache	drewish imagecache	eq	5.x-1.7
drewish:imagecache	drewish imagecache	eq	5.x-1.x
drewish:imagecache	drewish imagecache	eq	5.x-2.0

Rows per page:

1-10 of 181

References

drupal.org/node/505904

drupal.org/node/554084

drupal.org/node/554086

drupal.org/node/554090

secunia.com/advisories/36412

exchange.xforce.ibmcloud.com/vulnerabilities/52595

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2009-3207

cvelist1 prion1 nvd1