Lucene search

[email protected]CVE-2012-2097

HistoryAug 14, 2012 - 9:55 p.m.

CVE-2012-2097

2012-08-1421:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve

2012

2097

cross-site request forgery

csrf

vulnerability

autosave module

drupal

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving “submitting saved results to a node.”

Affected configurations

NVD

Node

larry_garfieldautosaveRange≤6.x-2.9

larry_garfieldautosaveMatch6.x-2.0

larry_garfieldautosaveMatch6.x-2.1

larry_garfieldautosaveMatch6.x-2.2

larry_garfieldautosaveMatch6.x-2.3

larry_garfieldautosaveMatch6.x-2.4

larry_garfieldautosaveMatch6.x-2.5

larry_garfieldautosaveMatch6.x-2.6

larry_garfieldautosaveMatch6.x-2.7

larry_garfieldautosaveMatch6.x-2.8

larry_garfieldautosaveMatch6.x-2.xdev

larry_garfieldautosaveMatch7.x-2.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
larry_garfield:autosavelarry garfield autosavele6.x-2.9
larry_garfield:autosavelarry garfield autosaveeq6.x-2.0
larry_garfield:autosavelarry garfield autosaveeq6.x-2.1
larry_garfield:autosavelarry garfield autosaveeq6.x-2.2
larry_garfield:autosavelarry garfield autosaveeq6.x-2.3
larry_garfield:autosavelarry garfield autosaveeq6.x-2.4
larry_garfield:autosavelarry garfield autosaveeq6.x-2.5
larry_garfield:autosavelarry garfield autosaveeq6.x-2.6
larry_garfield:autosavelarry garfield autosaveeq6.x-2.7
larry_garfield:autosavelarry garfield autosaveeq6.x-2.8

CPE	Name	Operator	Version
larry_garfield:autosave	larry garfield autosave	le	6.x-2.9
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.0
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.1
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.2
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.3
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.4
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.5
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.6
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.7
larry_garfield:autosave	larry garfield autosave	eq	6.x-2.8

Rows per page:

1-10 of 121

References

drupal.org/node/1525998

drupal.org/node/1528864

drupal.org/node/1528906

drupalcode.org/project/autosave.git/commitdiff/39f7fb0

drupalcode.org/project/autosave.git/commitdiff/f7bfd2d

www.openwall.com/lists/oss-security/2012/04/11/4

www.openwall.com/lists/oss-security/2012/04/12/2

www.securityfocus.com/bid/52985

exchange.xforce.ibmcloud.com/vulnerabilities/74838

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2012-2097

nvd1 cvelist1 drupal1 prion1