Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2687

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-2687
Last Modified 03 Sep 2015 10:21:11
Published 26 Jul 2011 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2687

Summary

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

Vulnerable Systems

Application

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.2


References

CONFIRM - http://drupal.org/node/1204582

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=717874

MLIST - [oss-security] 20110712 Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)

MLIST - [oss-security] 20110711 CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)

SECUNIA - 45291

SECUNIA - 45081

FEDORA - FEDORA-2011-8878

FEDORA - FEDORA-2011-8879

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385

BID - 48505


Last Updated: 27 May 2016 11:08:38