Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4494

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4494
Last Modified 02 Nov 2012 12:00:00
Published 31 Oct 2012 12:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4494

Summary

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Vulnerable Systems

Application

  • Niif Shibb Auth 7.x-4.0


References

MLIST - [oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules

MLIST - [oss-security] 20121004 CVE Request for Drupal Contributed Modules

CONFIRM - http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a

MISC - http://drupal.org/node/1719392

CONFIRM - http://drupal.org/node/1493244


Last Updated: 27 May 2016 10:47:18