Drupal 6.x prior to 6.23 and 7.x prior to 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote malicious users to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 7.9 |
||
drupal drupal 7.8 |
||
drupal drupal 7.7 |
||
drupal drupal 7.0 |
||
drupal drupal 6.0 |
||
drupal drupal 6.1 |
||
drupal drupal 6.16 |
||
drupal drupal 6.17 |
||
drupal drupal 7.4 |
||
drupal drupal 7.3 |
||
drupal drupal 6.12 |
||
drupal drupal 6.13 |
||
drupal drupal 6.2 |
||
drupal drupal 6.20 |
||
drupal drupal 7.6 |
||
drupal drupal 7.5 |
||
drupal drupal 6.10 |
||
drupal drupal 6.11 |
||
drupal drupal 6.18 |
||
drupal drupal 6.19 |
||
drupal drupal 7.x-dev |
||
drupal drupal 7.10 |
||
drupal drupal 7.2 |
||
drupal drupal 7.1 |
||
drupal drupal 7.x |
||
drupal drupal 6.14 |
||
drupal drupal 6.15 |
||
drupal drupal 6.21 |
||
drupal drupal 6.22 |
||
drupal drupal 6.23 |