Published: 28/10/2013 Updated: 08/03/2014

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Drupal 6.x prior to 6.23 and 7.x prior to 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote malicious users to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 7.9
drupal drupal 7.8
drupal drupal 7.7
drupal drupal 7.0
drupal drupal 6.0
drupal drupal 6.1
drupal drupal 6.16
drupal drupal 6.17
drupal drupal 7.4
drupal drupal 7.3
drupal drupal 6.12
drupal drupal 6.13
drupal drupal 6.2
drupal drupal 6.20
drupal drupal 7.6
drupal drupal 7.5
drupal drupal 6.10
drupal drupal 6.11
drupal drupal 6.18
drupal drupal 6.19
drupal drupal 7.x-dev
drupal drupal 7.10
drupal drupal 7.2
drupal drupal 7.1
drupal drupal 7.x
drupal drupal 6.14
drupal drupal 6.15
drupal drupal 6.21
drupal drupal 6.22
drupal drupal 6.23

Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery For the oldstable distribution (squeeze), these problems have been fixed in version 628-1 For the stable distribution (wheezy), these problems ...

CWE-200 http://openid.net/2011/05/05/attribute-exchange-security-alert/https://drupal.org/node/1425084 http://www.debian.org/security/2013/dsa-2776 https://nvd.nist.gov https://www.debian.org/security/./dsa-2776

CVE-2012-0825

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect