CVE-2009-3568

Опубликовано: 06 окт. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.

Ссылки

http://drupal.org/node/579280
Patch
Vendor Advisory
http://drupal.org/node/579290
Patch
Vendor Advisory
http://drupal.org/node/579292
Patch
Vendor Advisory
http://secunia.com/advisories/36787
Vendor Advisory
http://www.osvdb.org/58177
http://www.securityfocus.com/bid/36429
http://drupal.org/node/579280
Patch
Vendor Advisory
http://drupal.org/node/579290
Patch
Vendor Advisory
http://drupal.org/node/579292
Patch
Vendor Advisory
http://secunia.com/advisories/36787
Vendor Advisory
http://www.osvdb.org/58177
http://www.securityfocus.com/bid/36429

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:dave_reid:commentrss:5.x-2.1:*:*:*:*:*:*:*

cpe:2.3:a:dave_reid:commentrss:6.x-2.1:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-1.x:dev:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:5.x-2.x:dev:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:6.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:6.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:6.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:gabor_hojtsy:commentrss:6.x-2.x:dev:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.0045

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2009-3568

ubuntu

больше 15 лет назад

GHSA-62wr-q7q7-4f5m

github

около 3 лет назад