Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-5597
Last Modified: 07 Mar 2011 10:00:59
Published: 19 Oct 2007 07:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5597

Summary

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

Vulnerable Systems

Application

  • Drupal 4.7.7

  • Drupal 5.2


References

VUPEN - ADV-2007-3546

SECUNIA - 27292

CONFIRM - http://drupal.org/node/184354

FEDORA - FEDORA-2007-2649

XF - drupal-api-information-disclosure(37296)

BID - 26119

SECUNIA - 27352


Last Updated: 27 May 2016 10:46:13