Published: 28/10/2013 Updated: 08/03/2014

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x prior to 6.23 and 7.x prior to 7.11 allows remote malicious users to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 6.6
drupal drupal 6.7
drupal drupal 6.0
drupal drupal 6.11
drupal drupal 6.12
drupal drupal 6.2
drupal drupal 6.20
drupal drupal 6.3
drupal drupal 6.16
drupal drupal 6.17
drupal drupal 6.8
drupal drupal 6.9
drupal drupal 6.13
drupal drupal 6.14
drupal drupal 6.15
drupal drupal 6.21
drupal drupal 6.22
drupal drupal 6.4
drupal drupal 6.5
drupal drupal 6.1
drupal drupal 6.10
drupal drupal 6.18
drupal drupal 6.19
drupal drupal 7.5
drupal drupal 7.6
drupal drupal 7.0
drupal drupal 7.2
drupal drupal 7.9
drupal drupal 7.x-dev
drupal drupal 7.1
drupal drupal 7.7
drupal drupal 7.8
drupal drupal 7.3
drupal drupal 7.4
drupal drupal 7.10

Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery For the oldstable distribution (squeeze), these problems have been fixed in version 628-1 For the stable distribution (wheezy), these problems ...

CWE-352 https://drupal.org/node/1425084 http://www.debian.org/security/2013/dsa-2776 https://nvd.nist.gov https://www.debian.org/security/./dsa-2776

CVE-2012-0826

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect