Lucene search

PRIOn knowledge basePRION:CVE-2013-0246

HistoryJul 16, 2013 - 6:55 p.m.

Design/Logic Flaw

2013-07-1618:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

CPENameOperatorVersion
drupaleq7.0 alpha5
drupaleq7.0 dev
drupaleq7.0 alpha7
drupaleq7.16
drupaleq7.0 rc2
drupaleq7.18
drupaleq7.15
drupaleq7.0 rc4
drupaleq7.0 beta2
drupaleq7.0 rc3

Name	Operator	Version
drupal	eq	7.0 alpha5
drupal	eq	7.0 dev
drupal	eq	7.0 alpha7
drupal	eq	7.16
drupal	eq	7.0 rc2
drupal	eq	7.18
drupal	eq	7.15
drupal	eq	7.0 rc4
drupal	eq	7.0 beta2
drupal	eq	7.0 rc3

Rows per page:

1-10 of 351

References

packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html

seclists.org/fulldisclosure/2013/Jan/120

seclists.org/oss-sec/2013/q1/211

secunia.com/advisories/51717

drupal.org/SA-CORE-2013-001

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for PRION:CVE-2013-0246