Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1056

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1056
Last Modified 14 Feb 2012 12:00:00
Published 13 Feb 2012 07:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1056

Summary

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.

Vulnerable Systems

Application

  • Sean Robertson Forward 6.x-1.0

  • Sean Robertson Forward 6.x-1.1

  • Sean Robertson Forward 6.x-1.10

  • Sean Robertson Forward 6.x-1.11

  • Sean Robertson Forward 6.x-1.12

  • Sean Robertson Forward 6.x-1.13

  • Sean Robertson Forward 6.x-1.14

  • Sean Robertson Forward 6.x-1.15

  • Sean Robertson Forward 6.x-1.16

  • Sean Robertson Forward 6.x-1.17

  • Sean Robertson Forward 6.x-1.18

  • Sean Robertson Forward 6.x-1.19

  • Sean Robertson Forward 6.x-1.2

  • Sean Robertson Forward 6.x-1.20

  • Sean Robertson Forward 6.x-1.3

  • Sean Robertson Forward 6.x-1.4

  • Sean Robertson Forward 6.x-1.5

  • Sean Robertson Forward 6.x-1.6

  • Sean Robertson Forward 6.x-1.7

  • Sean Robertson Forward 6.x-1.8

  • Sean Robertson Forward 6.x-1.9

  • Sean Robertson Forward 6.x-1.x-dev

  • Sean Robertson Forward 7.x-1.0

  • Sean Robertson Forward 7.x-1.1

  • Sean Robertson Forward 7.x-1.2

  • Sean Robertson Forward 7.x-1.x-dev


References

XF - drupal-multiple-blocks-security-bypass(72920)

BID - 51826

SECUNIA - 47851

OSVDB - 78817

CONFIRM - http://drupal.org/node/1425150

CONFIRM - http://drupal.org/node/1423722


Last Updated: 27 May 2016 10:58:15