Lucene search

[email protected]CVE-2012-2077

HistoryAug 14, 2012 - 11:55 p.m.

CVE-2012-2077

2012-08-1423:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-2077

csrf

sharethis

drupal

vulnerability

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors “outside of the Form API.”

Affected configurations

NVD

Node

rob_loachsharethisMatch7.x-2.0

rob_loachsharethisMatch7.x-2.0dev

rob_loachsharethisMatch7.x-2.1

rob_loachsharethisMatch7.x-2.2

AND

drupaldrupalMatch-

CPENameOperatorVersion
rob_loach:sharethisrob loach sharethiseq7.x-2.0
rob_loach:sharethisrob loach sharethiseq7.x-2.1
rob_loach:sharethisrob loach sharethiseq7.x-2.2

CPE	Name	Operator	Version
rob_loach:sharethis	rob loach sharethis	eq	7.x-2.0
rob_loach:sharethis	rob loach sharethis	eq	7.x-2.1
rob_loach:sharethis	rob loach sharethis	eq	7.x-2.2

References

drupal.org/node/1504746

drupal.org/node/1506448

drupalcode.org/project/sharethis.git/commit/11f247a

secunia.com/advisories/48598

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/80681

www.securityfocus.com/bid/52778

exchange.xforce.ibmcloud.com/vulnerabilities/74518

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for CVE-2012-2077

cvelist1 prion1 nvd1 drupal1