CVE-2012-1591

Опубликовано: 01 окт. 2012

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00463

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2012-1591

ubuntu

около 13 лет назад

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

CVE-2012-1591

debian

около 13 лет назад

The image module in Drupal 7.x before 7.14 does not properly check per ...

GHSA-x6x4-j89w-cw4w

github

больше 3 лет назад

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

EPSS

Процентиль: 64%

0.00463

Низкий

5 Medium

CVSS2

Дефекты

CWE-264