Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-2713
Last Modified: 27 Jun 2012 12:00:00
Published: 26 Jun 2012 08:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2713

Summary

Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that log in a user to another web site.

Vulnerable Systems

Application

  • Isaac Sukin Browserid 7.x-1.0

  • Isaac Sukin Browserid 7.x-1.1

  • Isaac Sukin Browserid 7.x-1.2

  • Isaac Sukin Browserid 7.x-1.x-dev


References

CONFIRM - https://drupal.org/node/1596464

XF - browserid-authentication-csrf(75869)

BID - 53673

OSVDB - 82466

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49227

CONFIRM - http://drupalcode.org/project/browserid.git/commitdiff/5e5cdcd

MISC - http://drupal.org/node/1597414


Last Updated: 27 May 2016 10:56:35