Lucene search

[email protected]NVD:CVE-2008-6532

HistoryMar 26, 2009 - 9:00 p.m.

CVE-2008-6532

2009-03-2621:00:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to “execute old updates” that modify the database.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch5.12

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

References

drupal.org/node/345441

secunia.com/advisories/33112

secunia.com/advisories/33147

www.osvdb.org/50661

www.vupen.com/english/advisories/2008/3414

exchange.xforce.ibmcloud.com/vulnerabilities/47260

www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html

www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Related for NVD:CVE-2008-6532

ubuntucve1 prion1 cve1 cvelist1 nessus2