Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0272

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0272
Last Modified 07 Mar 2011 10:04:14
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0272

Summary

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

Vulnerable Systems

Application

  • Drupal 4.0.0

  • Drupal 4.1.0

  • Drupal 4.2.0 Rc

  • Drupal 4.4

  • Drupal 4.4.1

  • Drupal 4.4.2

  • Drupal 4.4.3

  • Drupal 4.5

  • Drupal 4.5.1

  • Drupal 4.5.2

  • Drupal 4.5.3

  • Drupal 4.5.4

  • Drupal 4.5.5

  • Drupal 4.5.6

  • Drupal 4.5.7

  • Drupal 4.5.8

  • Drupal 4.6

  • Drupal 4.6.1

  • Drupal 4.6.10

  • Drupal 4.6.11

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.6.7

  • Drupal 4.6.8

  • Drupal 4.6.9

  • Drupal 4.7

  • Drupal 4.7 Rev 1.15

  • Drupal 4.7 Rev 1.2

  • Drupal 4.7.1

  • Drupal 4.7.10

  • Drupal 4.7.2

  • Drupal 4.7.3

  • Drupal 4.7.4

  • Drupal 4.7.5

  • Drupal 4.7.6

  • Drupal 4.7.7

  • Drupal 4.7.8

  • Drupal 4.7.9

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.1 Rev1.1

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5.


References

BID - 27238

XF - drupal-aggregator-csrf(39617)

VUPEN - ADV-2008-0134

VUPEN - ADV-2008-0127

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?t=1349

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?p=6878

SECUNIA - 28486

SECUNIA - 28422

CONFIRM - http://drupal.org/node/208562


Last Updated: 27 May 2016 10:46:44