Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5651

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-5651
Last Modified 08 Mar 2014 12:00:34
Published 02 Jan 2013 08:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5651

Summary

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.

Vulnerable Systems

Application

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.10

  • Drupal 6.11

  • Drupal 6.12

  • Drupal 6.13

  • Drupal 6.14

  • Drupal 6.15

  • Drupal 6.16

  • Drupal 6.17

  • Drupal 6.18

  • Drupal 6.19

  • Drupal 6.2

  • Drupal 6.20

  • Drupal 6.21

  • Drupal 6.22

  • Drupal 6.23

  • Drupal 6.24

  • Drupal 6.25

  • Drupal 6.26

  • Drupal 6.3

  • Drupal 6.4

  • Drupal 6.5

  • Drupal 6.6

  • Drupal 6.7

  • Drupal 6.8

  • Drupal 6.9

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.10

  • Drupal 7.11

  • Drupal 7.12

  • Drupal 7.13

  • Drupal 7.14

  • Drupal 7.15

  • Drupal 7.16

  • Drupal 7.17

  • Drupal 7.2

  • Drupal 7.3

  • Drupal 7.4

  • Drupal 7.5

  • Drupal 7.6

  • Drupal 7.7

  • Drupal 7.8

  • Drupal 7.9

  • Drupal 7.x-dev


References

XF - drupalcore-user-information-disclosure(80792)

BID - 56993

OSVDB - 88528

MLIST - [oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules

CONFIRM - http://drupalcode.org/project/drupal.git/commitdiff/da8023a

CONFIRM - http://drupalcode.org/project/drupal.git/commitdiff/b47f95d

CONFIRM - http://drupal.org/SA-CORE-2012-004

MANDRIVA - MDVSA-2013:074

DEBIAN - DSA-2776


Last Updated: 27 May 2016 11:01:33