Lucene search

K
cve[email protected]CVE-2012-1057
HistoryFeb 14, 2012 - 12:55 a.m.

CVE-2012-1057

2012-02-1400:55:00
CWE-352
web.nvd.nist.gov
17
cve-2012-1057
csrf vulnerability
forward module
drupal
authentication hijacking

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper “flood control.”

Affected configurations

NVD
Node
sean_robertsonforwardMatch6.x-1.0
OR
sean_robertsonforwardMatch6.x-1.1
OR
sean_robertsonforwardMatch6.x-1.2
OR
sean_robertsonforwardMatch6.x-1.3
OR
sean_robertsonforwardMatch6.x-1.4
OR
sean_robertsonforwardMatch6.x-1.5
OR
sean_robertsonforwardMatch6.x-1.6
OR
sean_robertsonforwardMatch6.x-1.7
OR
sean_robertsonforwardMatch6.x-1.8
OR
sean_robertsonforwardMatch6.x-1.9
OR
sean_robertsonforwardMatch6.x-1.10
OR
sean_robertsonforwardMatch6.x-1.11
OR
sean_robertsonforwardMatch6.x-1.12
OR
sean_robertsonforwardMatch6.x-1.13
OR
sean_robertsonforwardMatch6.x-1.14
OR
sean_robertsonforwardMatch6.x-1.15
OR
sean_robertsonforwardMatch6.x-1.16
OR
sean_robertsonforwardMatch6.x-1.17
OR
sean_robertsonforwardMatch6.x-1.18
OR
sean_robertsonforwardMatch6.x-1.19
OR
sean_robertsonforwardMatch6.x-1.20
OR
sean_robertsonforwardMatch6.x-1.x-dev
AND
drupaldrupal
Node
sean_robertsonforwardMatch7.x-1.0
OR
sean_robertsonforwardMatch7.x-1.0alpha1
OR
sean_robertsonforwardMatch7.x-1.0alpha2
OR
sean_robertsonforwardMatch7.x-1.0alpha3
OR
sean_robertsonforwardMatch7.x-1.0rc1
OR
sean_robertsonforwardMatch7.x-1.0rc2
OR
sean_robertsonforwardMatch7.x-1.0rc3
OR
sean_robertsonforwardMatch7.x-1.0rc4
OR
sean_robertsonforwardMatch7.x-1.1
OR
sean_robertsonforwardMatch7.x-1.2
OR
sean_robertsonforwardMatch7.x-1.x-dev
AND
drupaldrupal

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

Related for CVE-2012-1057