Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3092
HistorySep 21, 2010 - 12:00 a.m.

CVE-2010-3092

2010-09-2100:00:00
ubuntu.com
ubuntu.com
9

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not
properly support case-insensitive filename handling in a database
configuration, which allows remote authenticated users to bypass the
intended restrictions on downloading a file by uploading a different file
with a similar name.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchdrupal5< 5.7-1ubuntu1.3UNKNOWN
ubuntu9.10noarchdrupal5< 5.18-1.1ubuntu2.2UNKNOWN

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%