[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78764

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-3743

Date: (C)2008-08-27   (M)2017-08-08 


Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.

CVSS Score: 5.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-30689
SECUNIA-31462
SECUNIA-31825
ADV-2008-2392
FEDORA-2008-7467
FEDORA-2008-7626
drupal-ahah-csrf(44453)
http://drupal.org/node/295053
https://bugzilla.redhat.com/show_bug.cgi?id=459108

CPE    4
cpe:/a:drupal:drupal:6.1
cpe:/a:drupal:drupal:6.0
cpe:/a:drupal:drupal:6.3
cpe:/a:drupal:drupal:6.2
...
CWE    1
CWE-352

© 2013 SecPod Technologies