Lucene search

[email protected]CVE-2012-1057

HistoryFeb 14, 2012 - 12:55 a.m.

CVE-2012-1057

2012-02-1400:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1057

csrf vulnerability

forward module

drupal

authentication hijacking

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper “flood control.”

Affected configurations

NVD

Node

sean_robertsonforwardMatch6.x-1.0

sean_robertsonforwardMatch6.x-1.1

sean_robertsonforwardMatch6.x-1.2

sean_robertsonforwardMatch6.x-1.3

sean_robertsonforwardMatch6.x-1.4

sean_robertsonforwardMatch6.x-1.5

sean_robertsonforwardMatch6.x-1.6

sean_robertsonforwardMatch6.x-1.7

sean_robertsonforwardMatch6.x-1.8

sean_robertsonforwardMatch6.x-1.9

sean_robertsonforwardMatch6.x-1.10

sean_robertsonforwardMatch6.x-1.11

sean_robertsonforwardMatch6.x-1.12

sean_robertsonforwardMatch6.x-1.13

sean_robertsonforwardMatch6.x-1.14

sean_robertsonforwardMatch6.x-1.15

sean_robertsonforwardMatch6.x-1.16

sean_robertsonforwardMatch6.x-1.17

sean_robertsonforwardMatch6.x-1.18

sean_robertsonforwardMatch6.x-1.19

sean_robertsonforwardMatch6.x-1.20

sean_robertsonforwardMatch6.x-1.x-dev

AND

drupaldrupal

Node

sean_robertsonforwardMatch7.x-1.0

sean_robertsonforwardMatch7.x-1.0alpha1

sean_robertsonforwardMatch7.x-1.0alpha2

sean_robertsonforwardMatch7.x-1.0alpha3

sean_robertsonforwardMatch7.x-1.0rc1

sean_robertsonforwardMatch7.x-1.0rc2

sean_robertsonforwardMatch7.x-1.0rc3

sean_robertsonforwardMatch7.x-1.0rc4

sean_robertsonforwardMatch7.x-1.1

sean_robertsonforwardMatch7.x-1.2

sean_robertsonforwardMatch7.x-1.x-dev

AND

drupaldrupal

CPENameOperatorVersion
sean_robertson:forwardsean robertson forwardeq6.x-1.0
sean_robertson:forwardsean robertson forwardeq6.x-1.1
sean_robertson:forwardsean robertson forwardeq6.x-1.2
sean_robertson:forwardsean robertson forwardeq6.x-1.3
sean_robertson:forwardsean robertson forwardeq6.x-1.4
sean_robertson:forwardsean robertson forwardeq6.x-1.5
sean_robertson:forwardsean robertson forwardeq6.x-1.6
sean_robertson:forwardsean robertson forwardeq6.x-1.7
sean_robertson:forwardsean robertson forwardeq6.x-1.8
sean_robertson:forwardsean robertson forwardeq6.x-1.9

CPE	Name	Operator	Version
sean_robertson:forward	sean robertson forward	eq	6.x-1.0
sean_robertson:forward	sean robertson forward	eq	6.x-1.1
sean_robertson:forward	sean robertson forward	eq	6.x-1.2
sean_robertson:forward	sean robertson forward	eq	6.x-1.3
sean_robertson:forward	sean robertson forward	eq	6.x-1.4
sean_robertson:forward	sean robertson forward	eq	6.x-1.5
sean_robertson:forward	sean robertson forward	eq	6.x-1.6
sean_robertson:forward	sean robertson forward	eq	6.x-1.7
sean_robertson:forward	sean robertson forward	eq	6.x-1.8
sean_robertson:forward	sean robertson forward	eq	6.x-1.9

Rows per page:

1-10 of 221

References

drupal.org/node/1423722

drupal.org/node/1425150

drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3

osvdb.org/78817

secunia.com/advisories/47851

www.securityfocus.com/bid/51826

exchange.xforce.ibmcloud.com/vulnerabilities/72922

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2012-1057

cvelist1 nvd1 prion1 drupal1