CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.005 Low
EPSS Percentile: 76.4%

DISPUTED: Cross-site request forgery (CSRF) vulnerability in Drupal
7.12 and earlier allows remote attackers to hijack the authentication of
arbitrary users for requests that end a session via the user/logout URI.
NOTE: the vendor disputes the significance of this issue, by considering
the “security benefit against platform complexity and performance impact”
and concluding that a change to the logout behavior is not planned because
“for most sites it is not worth the trade-off.”
drupal.org/node/144538
groups.drupal.org/node/216314
ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html
packetstormsecurity.org/files/110404/drupal712-xsrf.txt
www.exploit-db.com/exploits/18564/
launchpad.net/bugs/cve/CVE-2007-6752
nvd.nist.gov/vuln/detail/CVE-2007-6752
security-tracker.debian.org/tracker/CVE-2007-6752
www.cve.org/CVERecord?id=CVE-2007-6752