Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4436
Last Modified 15 Nov 2008 12:00:00
Published 20 Aug 2007 06:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4436

Summary

The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.

Vulnerable Systems

Application

  • Drupal Project 4.7 1.1

  • Drupal Project 4.7 2.1

  • Drupal Project 5.0

  • Drupal Project Issue Tracking Module 4.7 1.1

  • Drupal Project Issue Tracking Module 4.7 2.1


References

SECUNIA - 26510

CONFIRM - http://drupal.org/node/168760

XF - project-title-information-disclosure(36105)

BID - 25364

OSVDB - 39632


Last Updated: 27 May 2016 10:45:52