Lucene search

[email protected]CVE-2007-5597

HistoryOct 19, 2007 - 11:17 p.m.

CVE-2007-5597

2007-10-1923:17:00

CWE-264

[email protected]

web.nvd.nist.gov

drupal

security vulnerability

cve-2007-5597

access restriction bypass

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

Affected configurations

NVD

Node

drupaldrupalRange4.7.0–4.7.8

drupaldrupalRange5.0–5.3

CPENameOperatorVersion
drupal:drupaldrupallt4.7.8
drupal:drupaldrupallt5.3

CPE	Name	Operator	Version
drupal:drupal	drupal	lt	4.7.8
drupal:drupal	drupal	lt	5.3

References

drupal.org/node/184354

secunia.com/advisories/27292

secunia.com/advisories/27352

www.securityfocus.com/bid/26119

www.vupen.com/english/advisories/2007/3546

exchange.xforce.ibmcloud.com/vulnerabilities/37296

www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2007-5597

nvd1 cvelist1 prion1 ubuntucve1 openvas4 fedora1 nessus2 freebsd1