Lucene search

K
nvd[email protected]NVD:CVE-2010-1547
HistoryMay 21, 2010 - 8:30 p.m.

CVE-2010-1547

2010-05-2120:30:01
CWE-352
web.nvd.nist.gov
3
csrf
vulnerabilities
ctools
drupal
remote attackers
hijack
authentication
administrators
enable
disable

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

69.8%

Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.

Affected configurations

Nvd
Node
chaos_tool_suite_projectctoolsMatch6.x-1.0drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0alpha1drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0alpha2drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0alpha3drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0beta1drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0beta2drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0beta3drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0beta4drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.0rc1drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.1drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.2drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.3drupal
OR
chaos_tool_suite_projectctoolsMatch6.x-1.xdevdrupal
VendorProductVersionCPE
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:*:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha1:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha2:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:alpha3:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta1:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta2:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta3:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:beta4:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.0cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.0:rc1:*:*:*:drupal:*:*
chaos_tool_suite_projectctools6.x-1.1cpe:2.3:a:chaos_tool_suite_project:ctools:6.x-1.1:*:*:*:*:drupal:*:*
Rows per page:
1-10 of 131

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.003

Percentile

69.8%

Related for NVD:CVE-2010-1547