Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5654

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5654
Last Modified 03 Jan 2013 12:00:00
Published 02 Jan 2013 08:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5654

Summary

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.

Vulnerable Systems

Application

  • Nodewords Project Nodewords 4.7-1.0

  • Nodewords Project Nodewords 4.7-1.1

  • Nodewords Project Nodewords 4.7-1.2

  • Nodewords Project Nodewords 4.7-1.x

  • Nodewords Project Nodewords 5.x-1.0

  • Nodewords Project Nodewords 5.x-1.10

  • Nodewords Project Nodewords 5.x-1.11

  • Nodewords Project Nodewords 5.x-1.12

  • Nodewords Project Nodewords 5.x-1.13

  • Nodewords Project Nodewords 5.x-1.2

  • Nodewords Project Nodewords 5.x-1.3

  • Nodewords Project Nodewords 5.x-1.4

  • Nodewords Project Nodewords 5.x-1.5

  • Nodewords Project Nodewords 5.x-1.7

  • Nodewords Project Nodewords 5.x-1.8

  • Nodewords Project Nodewords 5.x-1.9

  • Nodewords Project Nodewords 5.x-1.x

  • Nodewords Project Nodewords 6.x-1.0

  • Nodewords Project Nodewords 6.x-1.1

  • Nodewords Project Nodewords 6.x-1.10

  • Nodewords Project Nodewords 6.x-1.11

  • Nodewords Project Nodewords 6.x-1.12

  • Nodewords Project Nodewords 6.x-1.13

  • Nodewords Project Nodewords 6.x-1.14

  • Nodewords Project Nodewords 6.x-1.2

  • Nodewords Project Nodewords 6.x-1.3

  • Nodewords Project Nodewords 6.x-1.4

  • Nodewords Project Nodewords 6.x-1.5

  • Nodewords Project Nodewords 6.x-1.6

  • Nodewords Project Nodewords 6.x-1.7

  • Nodewords Project Nodewords 6.x-1.8

  • Nodewords Project Nodewords 6.x-1.9

  • Nodewords Project Nodewords 6.x-1.x


References

MLIST - [oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules

MISC - http://drupal.org/node/1859282

CONFIRM - http://drupal.org/node/1859208


Last Updated: 27 May 2016 11:01:33