CVE-2012-1057 (GCVE-0-2012-1057)

Vulnerability from cvelistv5 – Published: 2012-02-14 00:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/47851 third-party-advisoryx_refsource_SECUNIA
http://drupalcode.org/project/forward.git/commitd… x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://drupal.org/node/1425150 x_refsource_CONFIRM
http://www.securityfocus.com/bid/51826 vdb-entryx_refsource_BID
http://drupal.org/node/1423722 x_refsource_CONFIRM
http://osvdb.org/78817 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:45:26.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47851",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47851"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
          },
          {
            "name": "drupal-forward-unspecified-csrf(72922)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1425150"
          },
          {
            "name": "51826",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51826"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1423722"
          },
          {
            "name": "78817",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/78817"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "47851",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47851"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
        },
        {
          "name": "drupal-forward-unspecified-csrf(72922)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1425150"
        },
        {
          "name": "51826",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51826"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1423722"
        },
        {
          "name": "78817",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/78817"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1057",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47851",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47851"
            },
            {
              "name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
            },
            {
              "name": "drupal-forward-unspecified-csrf(72922)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
            },
            {
              "name": "http://drupal.org/node/1425150",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1425150"
            },
            {
              "name": "51826",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51826"
            },
            {
              "name": "http://drupal.org/node/1423722",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1423722"
            },
            {
              "name": "78817",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/78817"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1057",
    "datePublished": "2012-02-14T00:00:00",
    "dateReserved": "2012-02-13T00:00:00",
    "dateUpdated": "2024-08-06T18:45:26.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"310173CA-5639-4270-9134-A18EB3DD551D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BC8677D-28BD-42C8-A469-0070FD141BDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D0307CD-9507-4FA2-8294-642688287717\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6D66470-7133-4380-AC55-EE15C51F72D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3989A71-9188-4FCF-828B-04DE4ABA1FFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3A004DD-9852-4594-AAED-6A837971B606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"639D6DD6-166D-453E-82BD-9015D4A8B9A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECBB54D3-94AF-4D47-853A-9E047950D84C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"215024FE-1D6C-4220-A34D-3CB3E356C917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54594F8E-8B3F-40B8-89A3-D974CB39CC65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825510E4-F63E-4E2C-BAF2-20A59ECA2EF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31E3EB43-5550-4A59-B941-450934EAC037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1228050-F0DE-4493-A976-4EFC12E4A05B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC598C74-9D35-43EA-A74E-77605C4CEA9A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E6DB82-17BC-4F6B-AAF0-40054563E6A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"39881745-9EF8-44E7-8EBC-D99D7600D6F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A662BB80-197A-4A5B-B25F-1FBBC01AAF4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD9CED5B-9A11-497C-B426-EBAF9BB30466\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"925866B3-0DF1-4B0B-8086-B7A72D317DBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A430208-187A-4BD7-BE60-4AC7819322F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8E02D86-E313-407D-8951-89E10AE6B6EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66A7EE37-458E-4150-A779-92F58079B23A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \\\"flood control.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados (CSRF) en la funcionalidad \u0027clickthrough tracking\u0027 en el m\\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\\u00f3n para administradores para peticiones de incremento de la clasificaci\\u00f3n del nodo a trav\\u00e9s de un c\\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto.\"}]",
      "id": "CVE-2012-1057",
      "lastModified": "2024-11-21T01:36:18.930",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-02-14T00:55:00.803",
      "references": "[{\"url\": \"http://drupal.org/node/1423722\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://drupal.org/node/1425150\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/78817\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/47851\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/51826\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/72922\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://drupal.org/node/1423722\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://drupal.org/node/1425150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/78817\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/47851\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/51826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/72922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-1057\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-02-14T00:55:00.803\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \\\"flood control.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad \u0027clickthrough tracking\u0027 en el m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\u00f3n para administradores para peticiones de incremento de la clasificaci\u00f3n del nodo a trav\u00e9s de un c\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"310173CA-5639-4270-9134-A18EB3DD551D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC8677D-28BD-42C8-A469-0070FD141BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D0307CD-9507-4FA2-8294-642688287717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D66470-7133-4380-AC55-EE15C51F72D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3989A71-9188-4FCF-828B-04DE4ABA1FFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3A004DD-9852-4594-AAED-6A837971B606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"639D6DD6-166D-453E-82BD-9015D4A8B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBB54D3-94AF-4D47-853A-9E047950D84C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"215024FE-1D6C-4220-A34D-3CB3E356C917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54594F8E-8B3F-40B8-89A3-D974CB39CC65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825510E4-F63E-4E2C-BAF2-20A59ECA2EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31E3EB43-5550-4A59-B941-450934EAC037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1228050-F0DE-4493-A976-4EFC12E4A05B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC598C74-9D35-43EA-A74E-77605C4CEA9A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E6DB82-17BC-4F6B-AAF0-40054563E6A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39881745-9EF8-44E7-8EBC-D99D7600D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A662BB80-197A-4A5B-B25F-1FBBC01AAF4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD9CED5B-9A11-497C-B426-EBAF9BB30466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"925866B3-0DF1-4B0B-8086-B7A72D317DBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A430208-187A-4BD7-BE60-4AC7819322F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E02D86-E313-407D-8951-89E10AE6B6EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A7EE37-458E-4150-A779-92F58079B23A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/1423722\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1425150\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/78817\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/47851\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51826\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://drupal.org/node/1423722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1425150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/78817\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/47851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.