Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2719

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2012-2719
Last Modified 27 Jun 2012 12:51:03
Published 26 Jun 2012 08:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2719

Summary

The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability."

Vulnerable Systems

Application

  • Blaine Lang Filedepot 6.x-1.0

  • Blaine Lang Filedepot 6.x-1.1

  • Blaine Lang Filedepot 6.x-1.2

  • Blaine Lang Filedepot 6.x-1.x


References

OSVDB - 82575

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49316

MISC - http://drupal.org/node/1608864

CONFIRM - http://drupal.org/node/1598782


Last Updated: 27 May 2016 10:56:35