Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2727

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2012-2727
Last Modified 27 Jun 2012 12:00:00
Published 26 Jun 2012 08:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2727

Summary

Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

Vulnerable Systems

Application

  • Bryce Hamrick Janrain Capture 6.x-1.0

  • Bryce Hamrick Janrain Capture 7.x-1.0


References

XF - janrain-drupal-spoofing(76292)

BID - 53992

OSVDB - 82958

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49480

MISC - http://drupal.org/node/1632734

CONFIRM - http://drupal.org/node/1632704

CONFIRM - http://drupal.org/node/1632702


Last Updated: 27 May 2016 10:56:35