Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2296

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2296
Last Modified 19 Nov 2012 11:45:13
Published 25 Jul 2012 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2296

Summary

The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.

Vulnerable Systems

Application

  • Janrain Rpx 6.x-1.0

  • Janrain Rpx 6.x-1.1

  • Janrain Rpx 6.x-1.2

  • Janrain Rpx 6.x-1.3

  • Janrain Rpx 6.x-1.4

  • Janrain Rpx 6.x-2.1

  • Janrain Rpx 7.x-2.0

  • Janrain Rpx 7.x-2.1

  • Janrain Rpx 7.x-2.x


References

CONFIRM - https://drupal.org/node/1515282

MLIST - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules

MLIST - [oss-security] 20120502 CVE Request for Drupal contributed modules

MLIST - [oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MISC - http://drupal.org/node/1515282

CONFIRM - http://drupal.org/node/1515120

CONFIRM - http://drupal.org/node/1515114

XF - janrain-drupalcontent-info-disclosure(74616)


Last Updated: 27 May 2016 10:54:58