Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-6532
Last Modified 25 Apr 2009 01:40:32
Published 26 Mar 2009 05:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6532

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.11

  • Drupal 5.12

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4

  • Drupal 6.5

  • Drupal 6.6


References

CONFIRM - http://drupal.org/node/345441

FEDORA - FEDORA-2008-11213

FEDORA - FEDORA-2008-11196

XF - drupal-unspecified-superuser-csrf(47260)

VUPEN - ADV-2008-3414

OSVDB - 50661

SECUNIA - 33147

SECUNIA - 33112


Last Updated: 27 May 2016 10:49:14