Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1591

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1591
Last Modified 12 Dec 2013 11:58:15
Published 30 Sep 2012 08:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1591

Summary

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Vulnerable Systems

Application

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.10

  • Drupal 7.11

  • Drupal 7.12

  • Drupal 7.13

  • Drupal 7.2

  • Drupal 7.3

  • Drupal 7.4

  • Drupal 7.5

  • Drupal 7.6

  • Drupal 7.7

  • Drupal 7.8

  • Drupal 7.9

  • Drupal 7.x-dev


References

CONFIRM - http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8

CONFIRM - http://drupal.org/node/1557938

CONFIRM - http://drupal.org/node/1507988

CONFIRM - http://drupal.org/drupal-7.14

BID - 53359

SECUNIA - 49012

MANDRIVA - MDVSA-2013:074


Last Updated: 27 May 2016 11:00:49