Lucene search

K
cve[email protected]CVE-2012-1057
HistoryFeb 14, 2012 - 12:55 a.m.

CVE-2012-1057

2012-02-1400:55:00
CWE-352
web.nvd.nist.gov
17
cve-2012-1057
csrf vulnerability
forward module
drupal
authentication hijacking

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

58.4%

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper “flood control.”

Affected configurations

NVD
Node
sean_robertsonforwardMatch6.x-1.0
OR
sean_robertsonforwardMatch6.x-1.1
OR
sean_robertsonforwardMatch6.x-1.2
OR
sean_robertsonforwardMatch6.x-1.3
OR
sean_robertsonforwardMatch6.x-1.4
OR
sean_robertsonforwardMatch6.x-1.5
OR
sean_robertsonforwardMatch6.x-1.6
OR
sean_robertsonforwardMatch6.x-1.7
OR
sean_robertsonforwardMatch6.x-1.8
OR
sean_robertsonforwardMatch6.x-1.9
OR
sean_robertsonforwardMatch6.x-1.10
OR
sean_robertsonforwardMatch6.x-1.11
OR
sean_robertsonforwardMatch6.x-1.12
OR
sean_robertsonforwardMatch6.x-1.13
OR
sean_robertsonforwardMatch6.x-1.14
OR
sean_robertsonforwardMatch6.x-1.15
OR
sean_robertsonforwardMatch6.x-1.16
OR
sean_robertsonforwardMatch6.x-1.17
OR
sean_robertsonforwardMatch6.x-1.18
OR
sean_robertsonforwardMatch6.x-1.19
OR
sean_robertsonforwardMatch6.x-1.20
OR
sean_robertsonforwardMatch6.x-1.x-dev
AND
drupaldrupal
Node
sean_robertsonforwardMatch7.x-1.0
OR
sean_robertsonforwardMatch7.x-1.0alpha1
OR
sean_robertsonforwardMatch7.x-1.0alpha2
OR
sean_robertsonforwardMatch7.x-1.0alpha3
OR
sean_robertsonforwardMatch7.x-1.0rc1
OR
sean_robertsonforwardMatch7.x-1.0rc2
OR
sean_robertsonforwardMatch7.x-1.0rc3
OR
sean_robertsonforwardMatch7.x-1.0rc4
OR
sean_robertsonforwardMatch7.x-1.1
OR
sean_robertsonforwardMatch7.x-1.2
OR
sean_robertsonforwardMatch7.x-1.x-dev
AND
drupaldrupal
VendorProductVersionCPE
sean_robertsonforward6.x-1.x-devcpe:/a:sean_robertson:forward:6.x-1.x-dev:::
sean_robertsonforward6.x-1.8cpe:/a:sean_robertson:forward:6.x-1.8:::
sean_robertsonforward6.x-1.5cpe:/a:sean_robertson:forward:6.x-1.5:::
sean_robertsonforward6.x-1.12cpe:/a:sean_robertson:forward:6.x-1.12:::
sean_robertsonforward6.x-1.2cpe:/a:sean_robertson:forward:6.x-1.2:::
sean_robertsonforward6.x-1.17cpe:/a:sean_robertson:forward:6.x-1.17:::
sean_robertsonforward6.x-1.11cpe:/a:sean_robertson:forward:6.x-1.11:::
sean_robertsonforward6.x-1.3cpe:/a:sean_robertson:forward:6.x-1.3:::
sean_robertsonforward6.x-1.20cpe:/a:sean_robertson:forward:6.x-1.20:::
sean_robertsonforward6.x-1.10cpe:/a:sean_robertson:forward:6.x-1.10:::
Rows per page:
1-10 of 221

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

58.4%

Related for CVE-2012-1057