Lucene search

[email protected]CVE-2005-1871

HistoryJun 09, 2005 - 4:00 a.m.

CVE-2005-1871

2005-06-0904:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1871

drupal

vulnerability

privilege system

remote attackers

input check

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an “input check” that “is not implemented properly.”

Affected configurations

NVD

Node

drupaldrupalMatch4.4.0

drupaldrupalMatch4.4.1

drupaldrupalMatch4.4.2

drupaldrupalMatch4.5.0

drupaldrupalMatch4.5.1

drupaldrupalMatch4.5.2

drupaldrupalMatch4.6.0

CPENameOperatorVersion
drupal:drupaldrupaleq4.4.0
drupal:drupaldrupaleq4.4.1
drupal:drupaldrupaleq4.4.2
drupal:drupaldrupaleq4.5.0
drupal:drupaldrupaleq4.5.1
drupal:drupaldrupaleq4.5.2
drupal:drupaldrupaleq4.6.0

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	4.4.0
drupal:drupal	drupal	eq	4.4.1
drupal:drupal	drupal	eq	4.4.2
drupal:drupal	drupal	eq	4.5.0
drupal:drupal	drupal	eq	4.5.1
drupal:drupal	drupal	eq	4.5.2
drupal:drupal	drupal	eq	4.6.0

References

archives.neohapsis.com/archives/fulldisclosure/2005-06/0010.html

marc.info/?l=bugtraq&m=111782257601422&w=2

secunia.com/advisories/15372

www.osvdb.org/17028

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2005-1871

cvelist1 nessus1 nvd1 ubuntucve1