CVE-2012-2155

Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://drupal.org/node/1506542	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/80686
http://www.securityfocus.com/bid/52812
https://exchange.xforce.ibmcloud.com/vulnerabilities/74522

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:kyle_browning:cdn2_video:6.x-1.x:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-14 23:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-2155

Mitre link : CVE-2012-2155

CVE.ORG link : CVE-2012-2155

JSON object : View

Products Affected

kyle_browning

cdn2_video

drupal

drupal

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2012-2155", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-14T23:55:01.957", "references": [{"url": "http://drupal.org/node/1506542", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/80686", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/52812", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74522", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF)\r\nen el m\u00f3dulo CDN2 Video v6.x para Drupal permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos.\r\n"}], "lastModified": "2017-08-29T01:31:31.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kyle_browning:cdn2_video:6.x-1.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB489682-793E-442B-BC68-103E529B8AFC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}