Lucene search

RedhatCVE-2013-1859

HistoryMar 27, 2013 - 9:55 p.m.

CVE-2013-1859

2013-03-2721:55:03

CWE-264

redhat

web.nvd.nist.gov

cve-2013-1859

node parameter control

drupal

remote attack

configuration options

unspecified vectors

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors.

Affected configurations

Nvd

Node

chris_desautelsnode_parameter_controlMatch6.x-1.0

AND

drupaldrupalMatch-

VendorProductVersionCPE
chris_desautelsnode_parameter_control6.x-1.0cpe:2.3:a:chris_desautels:node_parameter_control:6.x-1.0:*:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chris_desautels	node_parameter_control	6.x-1.0	cpe:2.3:a:chris_desautels:node_parameter_control:6.x-1.0:::::::*
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1942330

osvdb.org/91257

packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html

seclists.org/fulldisclosure/2013/Mar/133

www.openwall.com/lists/oss-security/2013/03/15/2

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

Related for CVE-2013-1859