CVE-2012-1057
Vulnerability from cvelistv5
Published
2012-02-14 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47851"
},
{
"name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"
},
{
"name": "drupal-forward-unspecified-csrf(72922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"
},
{
"name": "http://drupal.org/node/1425150",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1425150"
},
{
"name": "51826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51826"
},
{
"name": "http://drupal.org/node/1423722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1423722"
},
{
"name": "78817",
"refsource": "OSVDB",
"url": "http://osvdb.org/78817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1057",
"datePublished": "2012-02-14T00:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-1057\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-02-14T00:55:00.803\",\"lastModified\":\"2017-08-29T01:31:10.883\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \\\"flood control.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad \u0027clickthrough tracking\u0027 en el m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\u00f3n para administradores para peticiones de incremento de la clasificaci\u00f3n del nodo a trav\u00e9s de un c\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"310173CA-5639-4270-9134-A18EB3DD551D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC8677D-28BD-42C8-A469-0070FD141BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D0307CD-9507-4FA2-8294-642688287717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D66470-7133-4380-AC55-EE15C51F72D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3989A71-9188-4FCF-828B-04DE4ABA1FFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3A004DD-9852-4594-AAED-6A837971B606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"639D6DD6-166D-453E-82BD-9015D4A8B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBB54D3-94AF-4D47-853A-9E047950D84C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"215024FE-1D6C-4220-A34D-3CB3E356C917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54594F8E-8B3F-40B8-89A3-D974CB39CC65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825510E4-F63E-4E2C-BAF2-20A59ECA2EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31E3EB43-5550-4A59-B941-450934EAC037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1228050-F0DE-4493-A976-4EFC12E4A05B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC598C74-9D35-43EA-A74E-77605C4CEA9A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E6DB82-17BC-4F6B-AAF0-40054563E6A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39881745-9EF8-44E7-8EBC-D99D7600D6F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A662BB80-197A-4A5B-B25F-1FBBC01AAF4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD9CED5B-9A11-497C-B426-EBAF9BB30466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"925866B3-0DF1-4B0B-8086-B7A72D317DBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A430208-187A-4BD7-BE60-4AC7819322F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E02D86-E313-407D-8951-89E10AE6B6EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A7EE37-458E-4150-A779-92F58079B23A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/1423722\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1425150\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/78817\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/47851\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51826\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/72922\",\"source\":\"cve@mitre.org\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.