CVE-2012-5556

Опубликовано: 03 дек. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

Ссылки

http://drupal.org/node/1840722
Patch
http://drupal.org/node/1840728
Patch
http://drupal.org/node/1840740
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/20/4
http://drupal.org/node/1840722
Patch
http://drupal.org/node/1840728
Patch
http://drupal.org/node/1840740
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/20/4

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-1.x:dev:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.x:dev:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00151

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-j7rr-r9x8-9jvj

github

около 3 лет назад