[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-1645Date: (C)2012-08-28   (M)2023-12-22


The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-48032
OSVDB-79317
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://drupal.org/node/1441480
http://drupal.org/node/1441482
http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
https://drupal.org/node/1441502

CPE    3
cpe:/a:wimleers:cdn:7.x-2.2
cpe:/a:wimleers:cdn:6.x-2.2
cpe:/a:drupal:drupal:-
CWE    1
CWE-200

© SecPod Technologies