Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1645

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-1645
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-1645

Summary

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

Vulnerable Systems

Application

  • Wimleers Cdn 6.x-2.2

  • Wimleers Cdn 7.x-2.2


References

MISC - https://drupal.org/node/1441502

OSVDB - 79317

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

SECUNIA - 48032

CONFIRM - http://drupalcode.org/project/cdn.git/commitdiff/eca85e6

CONFIRM - http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff

CONFIRM - http://drupal.org/node/1441482

CONFIRM - http://drupal.org/node/1441480


Last Updated: 27 May 2016 11:00:22