Lucene search

PRIOn knowledge basePRION:CVE-2012-1591

HistoryOct 01, 2012 - 12:55 a.m.

Code injection

2012-10-0100:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

CPENameOperatorVersion
drupaleq7.0 alpha5
drupaleq7.0 dev
drupaleq7.0 alpha7
drupaleq7.0 rc2
drupaleq7.0 rc4
drupaleq7.0 beta2
drupaleq7.0 rc3
drupaleq7.0 alpha1
drupaleq7.3
drupaleq7.8

Name	Operator	Version
drupal	eq	7.0 alpha5
drupal	eq	7.0 dev
drupal	eq	7.0 alpha7
drupal	eq	7.0 rc2
drupal	eq	7.0 rc4
drupal	eq	7.0 beta2
drupal	eq	7.0 rc3
drupal	eq	7.0 alpha1
drupal	eq	7.3
drupal	eq	7.8

Rows per page:

1-10 of 301

References

drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8

secunia.com/advisories/49012

www.mandriva.com/security/advisories?name=MDVSA-2013:074

www.securityfocus.com/bid/53359

drupal.org/drupal-7.14

drupal.org/node/1507988

drupal.org/node/1557938

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for PRION:CVE-2012-1591