Lucene search

[email protected]NVD:CVE-2007-6752

HistoryMar 28, 2012 - 10:54 a.m.

CVE-2007-6752

2012-03-2810:54:59

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the “security benefit against platform complexity and performance impact” and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.

Affected configurations

NVD

Node

drupaldrupalRange≤7.12

drupaldrupalMatch4.0

drupaldrupalMatch4.0.0

drupaldrupalMatch4.1.0

drupaldrupalMatch4.2.0_rc

drupaldrupalMatch4.4

drupaldrupalMatch4.4.0

drupaldrupalMatch4.4.1

drupaldrupalMatch4.4.2

drupaldrupalMatch4.4.3

drupaldrupalMatch4.5

drupaldrupalMatch4.5.0

drupaldrupalMatch4.5.1

drupaldrupalMatch4.5.2

drupaldrupalMatch4.5.3

drupaldrupalMatch4.5.4

drupaldrupalMatch4.5.5

drupaldrupalMatch4.5.6

drupaldrupalMatch4.5.7

drupaldrupalMatch4.5.8

drupaldrupalMatch4.6

drupaldrupalMatch4.6.0

drupaldrupalMatch4.6.1

drupaldrupalMatch4.6.2

drupaldrupalMatch4.6.3

drupaldrupalMatch4.6.4

drupaldrupalMatch4.6.5

drupaldrupalMatch4.6.6

drupaldrupalMatch4.6.7

drupaldrupalMatch4.6.8

drupaldrupalMatch4.6.9

drupaldrupalMatch4.6.10

drupaldrupalMatch4.6.11

drupaldrupalMatch4.7

drupaldrupalMatch4.7.0

drupaldrupalMatch4.7.1

drupaldrupalMatch4.7.2

drupaldrupalMatch4.7.3

drupaldrupalMatch4.7.4

drupaldrupalMatch4.7.5

drupaldrupalMatch4.7.6

drupaldrupalMatch4.7.7

drupaldrupalMatch4.7.8

drupaldrupalMatch4.7.9

drupaldrupalMatch4.7.10

drupaldrupalMatch4.7_rev_1.2

drupaldrupalMatch4.7_rev_1.15

drupaldrupalMatch4.7_rev1.15

drupaldrupalMatch4.7_revision_1.2

drupaldrupalMatch5.0

drupaldrupalMatch5.0beta1

drupaldrupalMatch5.0beta2

drupaldrupalMatch5.0dev

drupaldrupalMatch5.0rc1

drupaldrupalMatch5.0rc2

drupaldrupalMatch5.1

drupaldrupalMatch5.1_rev1.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.5.

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch5.12

drupaldrupalMatch5.13

drupaldrupalMatch5.14

drupaldrupalMatch5.15

drupaldrupalMatch5.16

drupaldrupalMatch5.17

drupaldrupalMatch5.18

drupaldrupalMatch5.19

drupaldrupalMatch5.20

drupaldrupalMatch5.21

drupaldrupalMatch5.22

drupaldrupalMatch5.23

drupaldrupalMatch5.xdev

drupaldrupalMatch6.0

drupaldrupalMatch6.0beta1

drupaldrupalMatch6.0beta2

drupaldrupalMatch6.0beta3

drupaldrupalMatch6.0beta4

drupaldrupalMatch6.0dev

drupaldrupalMatch6.0rc-1

drupaldrupalMatch6.0rc-2

drupaldrupalMatch6.0rc-3

drupaldrupalMatch6.0rc-4

drupaldrupalMatch6.0rc1

drupaldrupalMatch6.0rc2

drupaldrupalMatch6.0rc3

drupaldrupalMatch6.0rc4

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

drupaldrupalMatch6.7

drupaldrupalMatch6.8

drupaldrupalMatch6.9

drupaldrupalMatch6.10

drupaldrupalMatch6.11

drupaldrupalMatch6.12

drupaldrupalMatch6.13

drupaldrupalMatch6.14

drupaldrupalMatch6.15

drupaldrupalMatch6.16

drupaldrupalMatch6.17

drupaldrupalMatch6.18

drupaldrupalMatch6.19

drupaldrupalMatch6.20

drupaldrupalMatch6.21

drupaldrupalMatch6.22

drupaldrupalMatch6.23

drupaldrupalMatch6.24

drupaldrupalMatch6.x-dev

drupaldrupalMatch7.0

drupaldrupalMatch7.0alpha1

drupaldrupalMatch7.0alpha2

drupaldrupalMatch7.0alpha3

drupaldrupalMatch7.0alpha4

drupaldrupalMatch7.0alpha5

drupaldrupalMatch7.0alpha6

drupaldrupalMatch7.0alpha7

drupaldrupalMatch7.0beta1

drupaldrupalMatch7.0beta2

drupaldrupalMatch7.0beta3

drupaldrupalMatch7.0dev

drupaldrupalMatch7.0rc1

drupaldrupalMatch7.0rc2

drupaldrupalMatch7.0rc3

drupaldrupalMatch7.0rc4

drupaldrupalMatch7.1

drupaldrupalMatch7.2

drupaldrupalMatch7.3

drupaldrupalMatch7.4

drupaldrupalMatch7.5

drupaldrupalMatch7.6

drupaldrupalMatch7.7

drupaldrupalMatch7.8

drupaldrupalMatch7.9

drupaldrupalMatch7.10

drupaldrupalMatch7.11

drupaldrupalMatch7.x-dev

References

drupal.org/node/144538

groups.drupal.org/node/216314

ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html

packetstormsecurity.org/files/110404/drupal712-xsrf.txt

www.exploit-db.com/exploits/18564/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for NVD:CVE-2007-6752

packetstorm1 prion1 ubuntucve1 debiancve1 nessus1 cvelist1 cve1