All the vulnerabilites related to sean_robertson - forward
Vulnerability from fkie_nvd
Published
2012-02-14 00:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad \u0027clickthrough tracking\u0027 en el m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\u00f3n para administradores para peticiones de incremento de la clasificaci\u00f3n del nodo a trav\u00e9s de un c\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto."
}
],
"id": "CVE-2012-1057",
"lastModified": "2024-11-21T01:36:18.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T00:55:00.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "cve@mitre.org",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78817"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 00:55
Modified
2024-11-21 01:36
Severity ?
Summary
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal no aplica correctamente los permisos para (1) reenv\u00edos \u0027Recent\u0027 (2) enviado \u0027Most\u0027, o (3) bloques \u0027Dynamic\u0027, lo que permite a atacantes remotos obtener t\u00edtulos de nodos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1056",
"lastModified": "2024-11-21T01:36:18.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T00:55:00.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78817"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1423722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1425150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-1056
Vulnerability from cvelistv5
Published
2012-02-14 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/47851 | third-party-advisory, x_refsource_SECUNIA | |
| http://drupal.org/node/1425150 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51826 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/1423722 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72920 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78817 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "drupal-multiple-blocks-security-bypass(72920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1056",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1057
Vulnerability from cvelistv5
Published
2012-02-14 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/47851 | third-party-advisory, x_refsource_SECUNIA | |
| http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72922 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/1425150 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51826 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/1423722 | x_refsource_CONFIRM | |
| http://osvdb.org/78817 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1057",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}