Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4791

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-4791
Last Modified 05 Feb 2009 01:49:28
Published 29 Oct 2008 11:31:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4791

Summary

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4


References

CONFIRM - http://drupal.org/node/318706

XF - drupal-usermodule-security-bypass(45766)

MLIST - [oss-security] 20081021 CVE req: drupal < 5.11/6.5

SECUNIA - 32201


Last Updated: 27 May 2016 10:48:38