CVE-2006-5477

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/88828	Patch Vendor Advisory
http://secunia.com/advisories/22486	Patch Vendor Advisory
http://securityreason.com/securityalert/1764
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html
http://www.securityfocus.com/archive/1/449200/100/0/threaded
http://www.securityfocus.com/bid/20631	Patch
http://www.vupen.com/english/advisories/2006/4120
https://exchange.xforce.ibmcloud.com/vulnerabilities/29682
http://drupal.org/node/88828	Patch Vendor Advisory
http://secunia.com/advisories/22486	Patch Vendor Advisory
http://securityreason.com/securityalert/1764
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html
http://www.securityfocus.com/archive/1/449200/100/0/threaded
http://www.securityfocus.com/bid/20631	Patch
http://www.vupen.com/english/advisories/2006/4120
https://exchange.xforce.ibmcloud.com/vulnerabilities/29682

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:drupal:4.6.0:::::::*
	cpe:2.3:a:drupal:drupal:4.6.1:::::::*
	cpe:2.3:a:drupal:drupal:4.6.2:::::::*
	cpe:2.3:a:drupal:drupal:4.6.3:::::::*
	cpe:2.3:a:drupal:drupal:4.6.4:::::::*
	cpe:2.3:a:drupal:drupal:4.6.5:::::::*
	cpe:2.3:a:drupal:drupal:4.6.6:::::::*
	cpe:2.3:a:drupal:drupal:4.6.7:::::::*
	cpe:2.3:a:drupal:drupal:4.6.8:::::::*
	cpe:2.3:a:drupal:drupal:4.6.9:::::::*
	cpe:2.3:a:drupal:drupal:4.7.0:::::::*
	cpe:2.3:a:drupal:drupal:4.7.1:::::::*
	cpe:2.3:a:drupal:drupal:4.7.2:::::::*
	cpe:2.3:a:drupal:drupal:4.7.3:::::::*

History

21 Nov 2024, 00:19

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/88828 - Patch, Vendor Advisory~~	() http://drupal.org/node/88828 - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/22486 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/22486 - Patch, Vendor Advisory
References	~~() http://securityreason.com/securityalert/1764 -~~	() http://securityreason.com/securityalert/1764 -
References	~~() http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html -~~	() http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html -
References	~~() http://www.securityfocus.com/archive/1/449200/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/449200/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/20631 - Patch~~	() http://www.securityfocus.com/bid/20631 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/4120 -~~	() http://www.vupen.com/english/advisories/2006/4120 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/29682 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/29682 -

Information

Published : 2006-10-24 20:07

Updated : 2024-11-21 00:19

NVD link : CVE-2006-5477

Mitre link : CVE-2006-5477

CVE.ORG link : CVE-2006-5477

JSON object : View

Products Affected

drupal

drupal

CWE

NVD-CWE-Other

2.6 /10