Lucene search

[email protected]CVE-2012-4494

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4494

2022-10-0316:15:34

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-4494

shibboleth

authentication module

drupal

remote access vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Affected configurations

NVD

Node

niifshibb_authMatch7.x-4.0

AND

drupaldrupalMatch-

CPENameOperatorVersion
niif:shibb_authniif shibb autheq7.x-4.0

CPE	Name	Operator	Version
niif:shibb_auth	niif shibb auth	eq	7.x-4.0

References

drupal.org/node/1493244

drupal.org/node/1719392

drupalcode.org/project/shib_auth.git/commitdiff/2032f0a

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVE-2012-4494

prion1 nvd1 cvelist1