Lucene search

[email protected]NVD:CVE-2012-5584

HistoryDec 26, 2012 - 5:55 p.m.

CVE-2012-5584

2012-12-2617:55:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node’s headers by accessing a table of contents block.

Affected configurations

Nvd

Node

m2oswtableofcontentsMatch6.x-3.0

m2oswtableofcontentsMatch6.x-3.1

m2oswtableofcontentsMatch6.x-3.2

m2oswtableofcontentsMatch6.x-3.3

m2oswtableofcontentsMatch6.x-3.4

m2oswtableofcontentsMatch6.x-3.5

m2oswtableofcontentsMatch6.x-3.6

m2oswtableofcontentsMatch6.x-3.7

m2oswtableofcontentsMatch6.x-3.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
m2oswtableofcontents6.x-3.0cpe:2.3:a:m2osw:tableofcontents:6.x-3.0:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.1cpe:2.3:a:m2osw:tableofcontents:6.x-3.1:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.2cpe:2.3:a:m2osw:tableofcontents:6.x-3.2:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.3cpe:2.3:a:m2osw:tableofcontents:6.x-3.3:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.4cpe:2.3:a:m2osw:tableofcontents:6.x-3.4:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.5cpe:2.3:a:m2osw:tableofcontents:6.x-3.5:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.6cpe:2.3:a:m2osw:tableofcontents:6.x-3.6:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.7cpe:2.3:a:m2osw:tableofcontents:6.x-3.7:*:*:*:*:*:*:*
m2oswtableofcontents6.x-3.xcpe:2.3:a:m2osw:tableofcontents:6.x-3.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
m2osw	tableofcontents	6.x-3.0	cpe:2.3:a:m2osw:tableofcontents:6.x-3.0:::::::*
m2osw	tableofcontents	6.x-3.1	cpe:2.3:a:m2osw:tableofcontents:6.x-3.1:::::::*
m2osw	tableofcontents	6.x-3.2	cpe:2.3:a:m2osw:tableofcontents:6.x-3.2:::::::*
m2osw	tableofcontents	6.x-3.3	cpe:2.3:a:m2osw:tableofcontents:6.x-3.3:::::::*
m2osw	tableofcontents	6.x-3.4	cpe:2.3:a:m2osw:tableofcontents:6.x-3.4:::::::*
m2osw	tableofcontents	6.x-3.5	cpe:2.3:a:m2osw:tableofcontents:6.x-3.5:::::::*
m2osw	tableofcontents	6.x-3.6	cpe:2.3:a:m2osw:tableofcontents:6.x-3.6:::::::*
m2osw	tableofcontents	6.x-3.7	cpe:2.3:a:m2osw:tableofcontents:6.x-3.7:::::::*
m2osw	tableofcontents	6.x-3.x	cpe:2.3:a:m2osw:tableofcontents:6.x-3.x:dev::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1841026

drupal.org/node/1841046

www.openwall.com/lists/oss-security/2012/11/29/2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

Related for NVD:CVE-2012-5584

cvelist1 cve1 drupal1 prion1