cve-2012-5655
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1870550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/context.git/commitdiff/4452bf1"
},
{
"name": "56993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56993"
},
{
"name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6"
},
{
"name": "51517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1870550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/context.git/commitdiff/4452bf1"
},
{
"name": "56993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56993"
},
{
"name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6"
},
{
"name": "51517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51517"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5655",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-5655\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-01-03T01:55:03.590\",\"lastModified\":\"2013-01-07T05:00:00.000\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo Context v6.x-3.x antes de v6.x-3.1 y v7.x-3.x antes de v7.x-3.0-beta6 para Drupal no restringe adecuadamente el acceso para bloquear el contenido, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D86EDBB-DCFA-4D50-99DB-8ACF1ACF66EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBF14829-B6B3-4877-958E-2AC0C9CD181C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E92FBFA-798C-4F62-BFDE-4FCC4F96444A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8BB94F-5BC4-407B-92BF-EB12DB73C56A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABEE4DD6-6B08-4ED4-A83D-CBA80876A471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"939DE81A-B5CB-4DDE-BC0A-91AB98EB0F33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE4F00D3-9E8A-4252-B89A-86DF14152CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F9F796-E4E3-41E8-9116-39818B2F0560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6940D10-57DE-4DA6-B74D-3BF557887B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"048EC726-6508-4660-8C3C-8A9D44C33FEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"866D9923-EB35-450B-847E-EE4E7F2512CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40277B77-BF40-452C-B5E6-4EC603C1D939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2BE52A3-4D15-4F57-AA4D-DF6EEAE9AD6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:6.x-3.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB8C63F8-2BA6-44CD-82F7-C97E95D9CDCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5408D146-CFED-4566-90D0-521789B9D491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F614AFDF-29FA-4E5B-9FC7-85A3EA70405D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3A5E0DB-594C-463A-BF78-55C0C658F156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0E624D-E541-4F8A-A3C1-7EDCEA909AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7944EE0-1B4A-4604-931E-C2B656B0A160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41454A9D-59CC-480B-A47D-3E4FB090A9F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2012981-AFDD-49EF-83BA-6C7A906A0E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F93CC5BA-E98C-44CB-96E9-35793967A5AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:steven_jones:context:7.x-3.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B5A5504-DD90-47A1-BB7F-5B9648ABA097\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B1170D-AD33-4C7A-892D-63AC71B032CF\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/1870550\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/context.git/commitdiff/4452bf1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://drupalcode.org/project/context.git/commitdiff/d8bf8b6\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/51517\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/12/20/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/56993\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.