cve-2009-4533
Vulnerability from cvelistv5
Published
2009-12-31 19:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"name": "http://drupal.org/node/604920",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604920"
},
{
"name": "http://drupal.org/node/604942",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604942"
},
{
"name": "http://drupal.org/node/604922",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"refsource": "OSVDB",
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4533",
"datePublished": "2009-12-31T19:00:00",
"dateReserved": "2009-12-31T00:00:00",
"dateUpdated": "2024-08-07T07:08:37.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2009-4533\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-12-31T19:30:00.733\",\"lastModified\":\"2017-08-17T01:31:37.320\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo Webform v5.x anteriores a v5.x-2.8 y v6.x anteriores a v6.x-2.8, un m\u00f3dulo para Drupal, no evita el almacenamiento en cach\u00e9 de una p\u00e1gina que contiene una variable token con un valor por defecto, permitiendo a atacantes remotos leer variables de sesi\u00f3n mediante vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.x-2.7\",\"matchCriteriaId\":\"B3173583-D6A5-4858-850A-0F35965D806C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.x-2.7\",\"matchCriteriaId\":\"19CB9D43-9771-4076-863F-D88320358A8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE98470-E90E-4B02-BF9C-8A77A2F37FA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E086ED5-4F81-4E2B-8C26-2C0FD5ACF012\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEAFC48B-628B-4BE5-8075-5195DCA62239\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C35363-1F35-4C86-AB17-B4B83FA327AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F8DDFD-D995-4994-BFAB-8A79197946A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF015C66-674F-4E30-8965-A29E9DDBDBD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2C85D90-5718-43F6-9A21-BC1C7FBB4660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD2F6BBA-9583-4A6E-8BD7-9C9137BDF7AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50CF5C6D-2519-4E3A-A3F0-37363A78665D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-1.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3BC389-6C64-4F81-B81A-969ED7548741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F6BA05-5FD1-47CD-85B7-C6757399FC98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA566E25-C5BC-489E-84FD-EB00D1C088FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BC6C9BC-6029-4EAA-B956-5C1DFC330690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3B4489-5E0C-4425-845F-713F3FDE14A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFB71D04-20DE-4E4C-982D-45E915678EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7874ADFF-597A-44F7-BA75-99BFA7A2FE03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F80B58-AA5B-4225-ABED-B9B28F989DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FEE16F2-DF33-454E-BF2A-919EDC3C39EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA838C52-6DA7-469F-ADCC-2A40375E97C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C414AAB2-881F-4B3B-BAD2-8A790E4ACD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF5E53D-AC18-4F79-8372-57210AC95B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEBF83B-494B-4206-8F86-883F0C107D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8589A46-A370-4F3D-AD4B-6979CB253611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50FD41A8-FA49-40D4-BF68-2B82A8B1D01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:5.x-2.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27555BCB-6CD2-45B6-9F30-3918D31D582A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9F21B7-3B5F-46AA-9BCC-27C4A8EC10EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2116A457-4B84-48D3-95E9-36F0713FE660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9A5E7E4-277A-4D28-BC2B-C7413501A886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F0F162-9ED2-413F-AA62-D66BA8781B3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C2055E-DE93-46EF-A17A-B81E287A5464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC8A0D6-73D9-4635-BB25-7F9C550074A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3EA1E3-49D5-4F34-9A4E-64919876A325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3641571E-5135-48B9-9BE0-9A4B80A6FD8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC3A0E2-9DB0-456E-B19B-8C25B970DC87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783AA635-7F88-4DEB-806F-E63C50A2F509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"930832D2-A7A3-477D-94F0-10879C951E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33D074D5-35C6-4250-8483-5B2C2D9CDC61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA94879-0671-43F8-A0D8-433A659B0FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D0A31AF-E2CD-46ED-B238-C39589A4C791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4482C777-21D6-4E63-841B-7AD866956C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nathan_haug:webform:6.x-2.x-dev:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0DFF727-D2ED-4784-84A1-B73DF5093015\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/604920\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/604922\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/604942\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/58946\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37021\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36708\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2923\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/53797\",\"source\":\"cve@mitre.org\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.