Lucene search
HistorySep 21, 2010 - 8:00 p.m.
CVE-2010-3092
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
53.2%
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
Affected configurations
Node
drupaldrupalMatch5.0
ORdrupaldrupalMatch5.0beta1
ORdrupaldrupalMatch5.0beta2
ORdrupaldrupalMatch5.0dev
ORdrupaldrupalMatch5.0rc1
ORdrupaldrupalMatch5.0rc2
ORdrupaldrupalMatch5.1
ORdrupaldrupalMatch5.2
ORdrupaldrupalMatch5.3
ORdrupaldrupalMatch5.4
ORdrupaldrupalMatch5.5
ORdrupaldrupalMatch5.6
ORdrupaldrupalMatch5.7
ORdrupaldrupalMatch5.8
ORdrupaldrupalMatch5.9
ORdrupaldrupalMatch5.10
ORdrupaldrupalMatch5.11
ORdrupaldrupalMatch5.12
ORdrupaldrupalMatch5.13
ORdrupaldrupalMatch5.14
ORdrupaldrupalMatch5.15
ORdrupaldrupalMatch5.16
ORdrupaldrupalMatch5.17
ORdrupaldrupalMatch5.18
ORdrupaldrupalMatch5.19
ORdrupaldrupalMatch5.20
ORdrupaldrupalMatch5.21
ORdrupaldrupalMatch5.22
Node
drupaldrupalMatch6.0
ORdrupaldrupalMatch6.0beta1
ORdrupaldrupalMatch6.0beta2
ORdrupaldrupalMatch6.0beta3
ORdrupaldrupalMatch6.0beta4
ORdrupaldrupalMatch6.0dev
ORdrupaldrupalMatch6.0rc1
ORdrupaldrupalMatch6.0rc2
ORdrupaldrupalMatch6.0rc3
ORdrupaldrupalMatch6.0rc4
ORdrupaldrupalMatch6.1
ORdrupaldrupalMatch6.2
ORdrupaldrupalMatch6.3
ORdrupaldrupalMatch6.4
ORdrupaldrupalMatch6.5
ORdrupaldrupalMatch6.6
ORdrupaldrupalMatch6.7
ORdrupaldrupalMatch6.8
ORdrupaldrupalMatch6.9
ORdrupaldrupalMatch6.10
ORdrupaldrupalMatch6.11
ORdrupaldrupalMatch6.12
ORdrupaldrupalMatch6.13
ORdrupaldrupalMatch6.14
ORdrupaldrupalMatch6.15
ORdrupaldrupalMatch6.16
ORdrupaldrupalMatch6.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:* |
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:* |
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:* |
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:dev:*:*:*:*:*:* |
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:* |
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:* |
| drupal | drupal | 5.1 | cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:* |
| drupal | drupal | 5.2 | cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:* |
| drupal | drupal | 5.3 | cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:* |
| drupal | drupal | 5.4 | cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2010-09-21 20:00:00
cve
cve
CVE-2010-3092
2010-09-21 20:00:02
cvelist
cvelist
CVE-2010-3092
2010-09-21 19:00:00
ubuntucve
ubuntucve
CVE-2010-3092
2010-09-21 00:00:00
osv
osv
drupal6 - several vulnerabilities
2010-09-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 2113-1 (drupal6)
2010-10-10 00:00:00
Debian: Security Advisory (DSA-2113-1)
2010-10-10 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities
2010-09-20 14:15:04
[BSA-023] Security Update for drupal6
2011-01-25 16:43:46
nessus
nessus
Debian DSA-2113-1 : drupal6 - several vulnerabilities
2010-09-21 00:00:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
53.2%
Related for NVD:CVE-2010-3092