Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5655

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-5655
Last Modified 07 Jan 2013 12:00:00
Published 02 Jan 2013 08:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5655

Summary

The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.

Vulnerable Systems

Application

  • Steven Jones Context 6.x-3.0

  • Steven Jones Context 6.x-3.x

  • Steven Jones Context 7.x-3.0

  • Steven Jones Context 7.x-3.x


References

BID - 56993

MLIST - [oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules

SECUNIA - 51517

CONFIRM - http://drupalcode.org/project/context.git/commitdiff/d8bf8b6

CONFIRM - http://drupalcode.org/project/context.git/commitdiff/4452bf1

CONFIRM - http://drupal.org/node/1870550


Last Updated: 27 May 2016 11:01:31