CVE-2012-5584

2022-10-0316:15:29

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-5584

drupal

table of contents

remote attack

node permissions

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.0%

JSON

The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node’s headers by accessing a table of contents block.

Affected configurations

NVD

Node

m2oswtableofcontentsMatch6.x-3.0

m2oswtableofcontentsMatch6.x-3.1

m2oswtableofcontentsMatch6.x-3.2

m2oswtableofcontentsMatch6.x-3.3

m2oswtableofcontentsMatch6.x-3.4

m2oswtableofcontentsMatch6.x-3.5

m2oswtableofcontentsMatch6.x-3.6

m2oswtableofcontentsMatch6.x-3.7

m2oswtableofcontentsMatch6.x-3.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.0
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.1
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.2
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.3
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.4
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.5
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.6
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.7
m2osw:tableofcontentsm2osw tableofcontentseq6.x-3.x

CPE	Name	Operator	Version
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.0
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.1
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.2
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.3
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.4
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.5
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.6
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.7
m2osw:tableofcontents	m2osw tableofcontents	eq	6.x-3.x