CVE-2012-1057

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://drupal.org/node/1423722	Patch
http://drupal.org/node/1425150	Patch Vendor Advisory
http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3
http://osvdb.org/78817
http://secunia.com/advisories/47851	Vendor Advisory
http://www.securityfocus.com/bid/51826
https://exchange.xforce.ibmcloud.com/vulnerabilities/72922
http://drupal.org/node/1423722	Patch
http://drupal.org/node/1425150	Patch Vendor Advisory
http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3
http://osvdb.org/78817
http://secunia.com/advisories/47851	Vendor Advisory
http://www.securityfocus.com/bid/51826
https://exchange.xforce.ibmcloud.com/vulnerabilities/72922

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sean_robertson:forward:6.x-1.0:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.1:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.2:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.3:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.4:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.5:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.6:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.7:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.8:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.9:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.10:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.11:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.12:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.13:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.14:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.15:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.16:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.17:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.18:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.19:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.20:::::::*
	cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:sean_robertson:forward:7.x-1.0:::::::*
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4::::::
	cpe:2.3:a:sean_robertson:forward:7.x-1.1:::::::*
	cpe:2.3:a:sean_robertson:forward:7.x-1.2:::::::*
	cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:36

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/1423722 - Patch~~	() http://drupal.org/node/1423722 - Patch
References	~~() http://drupal.org/node/1425150 - Patch, Vendor Advisory~~	() http://drupal.org/node/1425150 - Patch, Vendor Advisory
References	~~() http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3 -~~	() http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3 -
References	~~() http://osvdb.org/78817 -~~	() http://osvdb.org/78817 -
References	~~() http://secunia.com/advisories/47851 - Vendor Advisory~~	() http://secunia.com/advisories/47851 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/51826 -~~	() http://www.securityfocus.com/bid/51826 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72922 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72922 -

Information

Published : 2012-02-14 00:55

Updated : 2024-11-21 01:36

NVD link : CVE-2012-1057

Mitre link : CVE-2012-1057

CVE.ORG link : CVE-2012-1057

JSON object : View

Products Affected

sean_robertson

forward

drupal

drupal

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.0 /10