All the vulnerabilites related to marc_ingram - services
cve-2008-6908
Vulnerability from cvelistv5
Published
2009-08-06 17:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/50743 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/32894 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/348295 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47458 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50743",
"refsource": "OSVDB",
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32894"
},
{
"name": "http://drupal.org/node/348295",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6908",
"datePublished": "2009-08-06T17:00:00",
"dateReserved": "2009-08-06T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6910
Vulnerability from cvelistv5
Published
2009-08-06 18:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/50743 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52441 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32894 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/348295 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50743"
},
{
"name": "services-timeout-security-bypass(52441)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/348295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50743"
},
{
"name": "services-timeout-security-bypass(52441)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/348295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50743",
"refsource": "OSVDB",
"url": "http://osvdb.org/50743"
},
{
"name": "services-timeout-security-bypass(52441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
},
{
"name": "32894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32894"
},
{
"name": "http://drupal.org/node/348295",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6910",
"datePublished": "2009-08-06T18:00:00",
"dateReserved": "2009-08-06T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5586
Vulnerability from cvelistv5
Published
2012-12-26 17:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/1842026 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/56723 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/11/29/2 | mailing-list, x_refsource_MLIST | |
| http://drupal.org/node/1853200 | x_refsource_MISC | |
| http://drupal.org/node/1842022 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1842026"
},
{
"name": "56723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56723"
},
{
"name": "[oss-security] 20121128 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1853200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1842022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"access user profiles\" permission to access arbitrary users\u0027 emails via vectors related to the \"user index method\" and \"the path to the user resource.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-26T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1842026"
},
{
"name": "56723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56723"
},
{
"name": "[oss-security] 20121128 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1853200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1842022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"access user profiles\" permission to access arbitrary users\u0027 emails via vectors related to the \"user index method\" and \"the path to the user resource.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1842026",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1842026"
},
{
"name": "56723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56723"
},
{
"name": "[oss-security] 20121128 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2"
},
{
"name": "http://drupal.org/node/1853200",
"refsource": "MISC",
"url": "http://drupal.org/node/1853200"
},
{
"name": "http://drupal.org/node/1842022",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1842022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5586",
"datePublished": "2012-12-26T17:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:15.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6909
Vulnerability from cvelistv5
Published
2009-08-06 18:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52438 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/50743 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/32894 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/348295 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47458 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "services-request-security-bypass(52438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438"
},
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "services-request-security-bypass(52438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438"
},
{
"name": "50743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "services-request-security-bypass(52438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438"
},
{
"name": "50743",
"refsource": "OSVDB",
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32894"
},
{
"name": "http://drupal.org/node/348295",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6909",
"datePublished": "2009-08-06T18:00:00",
"dateReserved": "2009-08-06T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-08-06 17:30
Modified
2024-11-21 00:57
Severity ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marc_ingram | services | 5.x-0.9 | |
| marc_ingram | services | 5.x-0.91 | |
| marc_ingram | services | 5.x-1.x-dev | |
| marc_ingram | services | 6.x-0.9 | |
| marc_ingram | services | 6.x-0.11 | |
| marc_ingram | services | 6.x-0.12 | |
| marc_ingram | services | 6.x-1.x-dev | |
| drupal | drupal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "971DC8A9-7356-4D6F-993C-5F5F28EF037D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E589A651-CBBB-49E5-8D67-68DBE6159570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF5BAF1-3FF5-4D36-8B18-0C1DA07C4344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B403152-7E41-43D5-A71D-1FFBCD99C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "47E13993-D2EE-40AD-98E2-EC5B76589970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF94F5E-8314-436F-8259-0190E32586A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "4307E56C-E735-416C-B170-225609059BEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges."
},
{
"lang": "es",
"value": "Services v5.x anterior a v5.x-0.92 y v6.x anterior a v6.x-0.13, un m\u00f3dulo de Drupal, utiliza un hash inseguro al firmar las solicitudes, lo que permite a atacantes remotos suplantar a otros usuarios y obtener privilegios."
}
],
"id": "CVE-2008-6908",
"lastModified": "2024-11-21T00:57:46.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-06T17:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50743"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-06 18:30
Modified
2024-11-21 00:57
Severity ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | drupal | * | |
| marc_ingram | services | 5.x-0.9 | |
| marc_ingram | services | 5.x-0.91 | |
| marc_ingram | services | 5.x-1.x-dev | |
| marc_ingram | services | 6.x-0.9 | |
| marc_ingram | services | 6.x-0.11 | |
| marc_ingram | services | 6.x-0.12 | |
| marc_ingram | services | 6.x-1.x-dev |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "971DC8A9-7356-4D6F-993C-5F5F28EF037D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E589A651-CBBB-49E5-8D67-68DBE6159570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF5BAF1-3FF5-4D36-8B18-0C1DA07C4344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B403152-7E41-43D5-A71D-1FFBCD99C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "47E13993-D2EE-40AD-98E2-EC5B76589970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF94F5E-8314-436F-8259-0190E32586A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "4307E56C-E735-416C-B170-225609059BEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request."
},
{
"lang": "es",
"value": "El Modulo Services v5.x anterior a v5.x-0.92 y v6.x anterior a v6.x-0.13 para Drupal, no emplea tiempos de espera para las peticiones firmadas, lo que permite a atacantes remotos suplantar a otros usuarios y obtener privilegios a trav\u00e9s de un ataque de reproducci\u00f3n que env\u00eda la misma petici\u00f3n."
}
],
"id": "CVE-2008-6910",
"lastModified": "2024-11-21T00:57:47.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-06T18:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50743"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-06 18:30
Modified
2024-11-21 00:57
Severity ?
Summary
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marc_ingram | services | 5.x-0.9 | |
| marc_ingram | services | 5.x-0.91 | |
| marc_ingram | services | 5.x-1.x-dev | |
| marc_ingram | services | 6.x-0.9 | |
| marc_ingram | services | 6.x-0.11 | |
| marc_ingram | services | 6.x-0.12 | |
| marc_ingram | services | 6.x-1.x-dev | |
| drupal | drupal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "971DC8A9-7356-4D6F-993C-5F5F28EF037D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E589A651-CBBB-49E5-8D67-68DBE6159570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF5BAF1-3FF5-4D36-8B18-0C1DA07C4344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9B403152-7E41-43D5-A71D-1FFBCD99C334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "47E13993-D2EE-40AD-98E2-EC5B76589970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF94F5E-8314-436F-8259-0190E32586A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "4307E56C-E735-416C-B170-225609059BEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges."
},
{
"lang": "es",
"value": "El Modulo Services v5.x anterior a v5.x-0.92 y v6.x anterior a v6.x-0.13 para Drupal, no firma todos los datos necesarios en las peticiones, cuyo impacto se desconoce, probablemente relacionado con ataques de hombre-en-el-medio (man-in-the-middle)que modifican datos cr\u00edticos y permiten a atacantes remotos suplantar a otros usuarios y obtener privilegios."
}
],
"id": "CVE-2008-6909",
"lastModified": "2024-11-21T00:57:46.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-06T18:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osvdb.org/50743"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/348295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osvdb.org/50743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-26 17:55
Modified
2024-11-21 01:44
Severity ?
Summary
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.0 | |
| marc_ingram | services | 6.x-3.1 | |
| marc_ingram | services | 6.x-3.2 | |
| marc_ingram | services | 6.x-3.x | |
| drupal | drupal | - | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.0 | |
| marc_ingram | services | 7.x-3.1 | |
| marc_ingram | services | 7.x-3.2 | |
| marc_ingram | services | 7.x-3.3 | |
| marc_ingram | services | 7.x-3.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8709726B-3CC9-4149-8FFA-57ACB47E1232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "7F8D4108-3D6C-4443-A27E-A0853A5398B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E59520DC-4B1D-4C78-846F-4A7E092C0B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E0FF092C-EC93-4371-820B-3A25C0BEF666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3149C6F6-9C91-4A8E-BEC0-B476D9B3CF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DB1E5589-AD4C-4535-B4E2-12665B8A6C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A8705011-0A2A-43CD-8FA8-D09DE0DFB586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "68E4D950-4F4E-4323-B18B-EEFCDB8F5D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable1:*:*:*:*:*:*",
"matchCriteriaId": "F75AD2A4-8CFB-4598-9D7B-C311731C49C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable2:*:*:*:*:*:*",
"matchCriteriaId": "21599548-D154-4AC6-9700-2AD02281B097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable3:*:*:*:*:*:*",
"matchCriteriaId": "990E06E3-3164-4A83-AAC0-64E39B02BD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9B12B8-1A47-48CD-9439-842EC59C8560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3972A6-A0CC-4F61-A6FF-D0B8B5139559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "5AF42B77-B1EB-4B06-941C-FC414568E0BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0401AB3-8CD3-4191-BD67-FDEF8AC389E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8F3E689-9099-4B52-A521-C9933CEC3A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FF87F785-B660-4471-8525-8C38E4B1ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92E55B94-035B-4C95-844A-994FC9098DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F178FBC3-11A0-4341-B930-7FD45F2E9391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AFC242C4-3283-4D6D-B69F-869E971D2102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B1A2F122-6D2C-42BC-8DA5-BBD19CE5FC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "57C52124-9EF2-448B-B768-A9CAAAF4F9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "35055934-F01E-44DF-906B-B0B23BDBE9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82C2C7C6-AE59-4BCF-8296-591D6DBFD907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "840E97FC-3BA3-43C9-AB0B-49267D75F529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "41060BF1-EFD1-449D-8D41-C6B898058DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "32EBEE31-40E3-40A2-8FCB-EF726A1451EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"access user profiles\" permission to access arbitrary users\u0027 emails via vectors related to the \"user index method\" and \"the path to the user resource.\""
},
{
"lang": "es",
"value": "El m\u00f3dulo Services v6.x-3.x antes de v6.x-3.3 y v7.x-3.x antes de v7.x-3.3 para Drupal permite a usuarios remotos autenticados con el permiso de \"acceso a perfiles de usuario\" para acceder a correos electr\u00f3nicos de usuarios de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"m\u00e9todo del \u00edndice de usuario\" y \"la ruta de acceso al recurso de usuario\".\r\n"
}
],
"id": "CVE-2012-5586",
"lastModified": "2024-11-21T01:44:56.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-26T17:55:02.190",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1842022"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1842026"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1853200"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1842022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1842026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1853200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56723"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}