Lucene search

[email protected]CVE-2008-3743

HistoryAug 27, 2008 - 3:21 p.m.

CVE-2008-3743

2008-08-2715:21:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2008

3743

csrf

vulnerabilities

drupal 6.x

remote attackers

token validation

cached forms

ahah elements

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.

Affected configurations

NVD

Node

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

CPENameOperatorVersion
drupal:drupaldrupaleq6.0
drupal:drupaldrupaleq6.1
drupal:drupaldrupaleq6.2
drupal:drupaldrupaleq6.3

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	6.0
drupal:drupal	drupal	eq	6.1
drupal:drupal	drupal	eq	6.2
drupal:drupal	drupal	eq	6.3

References

drupal.org/node/295053

secunia.com/advisories/31462

secunia.com/advisories/31825

www.securityfocus.com/bid/30689

www.vupen.com/english/advisories/2008/2392

bugzilla.redhat.com/show_bug.cgi?id=459108

exchange.xforce.ibmcloud.com/vulnerabilities/44453

www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2008-3743

cvelist1 ubuntucve1 prion1 nvd1 openvas4 nessus3 freebsd1 fedora1