CVE-2012-5654

The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1859208	Patch
http://drupal.org/node/1859282	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/12/20/1
http://drupal.org/node/1859208	Patch
http://drupal.org/node/1859282	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/12/20/1

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nodewords_project:nodewords::beta2::::::*
	cpe:2.3:a:nodewords_project:nodewords:4.7-1.0:::::::*
	cpe:2.3:a:nodewords_project:nodewords:4.7-1.1:::::::*
	cpe:2.3:a:nodewords_project:nodewords:4.7-1.2:::::::*
	cpe:2.3:a:nodewords_project:nodewords:4.7-1.x:dev::::::
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.0:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.2:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.3:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.4:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.5:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.7:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:rc1::::::
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.9:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.10:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.11:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.12:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.13:::::::*
	cpe:2.3:a:nodewords_project:nodewords:5.x-1.x:dev::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:rc1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.1:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.2:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha2::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta3::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta4::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta5::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.4:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.5:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.6:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.7:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.8:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.9:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.10:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.11:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta2::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta3::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta4::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta5::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta6::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta7::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta8::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta9::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:rc1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:::::::*
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc2::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.14:beta1::::::
	cpe:2.3:a:nodewords_project:nodewords:6.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:45

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/1859208 - Patch~~	() http://drupal.org/node/1859208 - Patch
References	~~() http://drupal.org/node/1859282 - Patch, Vendor Advisory~~	() http://drupal.org/node/1859282 - Patch, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2012/12/20/1 -~~	() http://www.openwall.com/lists/oss-security/2012/12/20/1 -

Information

Published : 2013-01-03 01:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-5654

Mitre link : CVE-2012-5654

CVE.ORG link : CVE-2012-5654

JSON object : View

Products Affected

drupal

drupal

nodewords_project

nodewords

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2012-5654", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-03T01:55:03.543", "references": [{"url": "http://drupal.org/node/1859208", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1859282", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1", "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1859208", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1859282", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags."}, {"lang": "es", "value": "El m\u00f3dulo Nodewords: D6 Meta Tags antes de v6.x-1.14 para Drupal, cuando se configura para generar autom\u00e1ticamente las etiquetas meta descripci\u00f3n de texto del nodo, no filtra correctamente el contenido del nodo al crear las etiquetas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de las etiquetas (1) description, (2) dc.description o (3) og:description"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodewords_project:nodewords:*:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6F3DF2-8915-44B4-9826-C645BE7198C0", "versionEndIncluding": "6.x-1.14"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:4.7-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FA9DB5-B822-4C51-A9F7-ED579281FE18"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:4.7-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8970576E-AF70-4E96-ACCC-7B89409943F4"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:4.7-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85A2DD85-58B8-412A-94FD-F33553252669"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:4.7-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ED3A756-B12B-40C4-B409-1B9297B00378"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98E29E2-2308-41ED-B214-09575C25E0A1"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A5727AB-C735-4E22-B9E1-220C731EDE77"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C4A74A6-D8CB-44D2-8745-39629E38B15C"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85F7883D-52BD-4182-AD6B-DC85B8774899"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28145D9-3AAE-4448-9894-C7BD49819D28"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "011492F2-3857-4727-9C53-1C3E48E5C4A4"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC03788-B74C-4474-8333-3004B3B4A700"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E077CBD2-9568-4818-A957-591388737E96"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07282EC3-346F-466C-96E3-B881BD3E27ED"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C55576BF-674B-416B-83AA-29F1B850D785"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45439E8E-2275-40DA-AE29-309F51E7781A"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E537D0FC-FF01-4442-BE0E-63F7516A9964"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C80C0D7-C57E-43AD-ABAC-5F7A7C1CA755"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:5.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C08CB344-7E2C-44EA-903B-833F5EBE5927"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4EDD10C-10C8-4D4C-9DC4-5F1A8557899D"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "606DAABD-B67F-4FF2-9335-FEB5E4D63AC8"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB3A50A9-FD8F-4803-80EF-0D02788C9713"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF59C7B-9B93-4B03-987F-BCC3E3940049"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2218F66F-1111-4731-B584-F9CC0575EE50"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2173265A-2E85-4289-8E4E-AD6DA7064B25"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF39A30B-674B-4960-9C1D-2C353CBD73D5"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1EB041-8A4A-4A3F-B5E3-30A2B333FE9F"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E3BD9C-FE67-4DA3-A505-2705DAC8B90D"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.3:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC494BB0-0F33-4381-AF62-19A85B3F0798"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCD1D484-B8BF-494A-802E-C575C2BEBE26"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37EFF8D6-7593-4351-9EF9-6FB0C38069FA"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFF84EDC-3422-4F79-B71B-DCD1A5A4CF5F"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "589A8787-52DF-4343-B013-9F9D0C73B1F0"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "049C6AF1-8D59-40BD-885B-3B809A8F1546"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4DBD36B-7990-43F6-9DD4-29E9F45F681D"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984D91D5-6DA5-47A1-ABC6-FEEFE5433749"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB18C2C-684B-4C4D-8FE5-570C233DBCE4"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "355B4363-9C50-41A1-A721-82B8CD323BBC"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD104382-CB02-4339-874E-10675742D795"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C835FE2E-D8FC-407D-B1CE-5A0F4D53A693"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA35B38F-DDBF-42BC-8904-E58292C234CB"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4EAB97E-3490-47BF-8F0D-861BFFCE3512"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EBB1F76-8267-45AA-9A21-78B5C8DE2D3A"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D04F01F-781A-46E9-A8EF-6542B0BFC1C1"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7114B202-BADD-4678-83C8-6732FD38E9AC"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C5217EE-48BD-42E9-A1FC-9D74FC8E3C98"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ADBE1E3-0307-482D-9568-B4BBA791CACA"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "430D2D01-AA6B-493D-88D8-B261B4B09853"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8392C41E-F9D2-499D-AF5E-C345BC90A9BB"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7F6C7F2-CD66-41E4-8AE2-B88946E041C6"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.14:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9294D41D-055F-4AFF-8A68-24F3226EC8E8"}, {"criteria": "cpe:2.3:a:nodewords_project:nodewords:6.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C8EB10-A534-4171-AC66-96B646B395E9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}

4.3 /10