Lucene search

RedhatCVE-2012-5547

HistoryDec 03, 2012 - 9:55 p.m.

CVE-2012-5547

2012-12-0321:55:02

CWE-352

redhat

web.nvd.nist.gov

cve-2012-5547

csrf

drupal

search api

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action.

Affected configurations

Nvd

Node

thomas_seidlsearch_apiMatch7.x-1.0

thomas_seidlsearch_apiMatch7.x-1.0beta1

thomas_seidlsearch_apiMatch7.x-1.0beta10

thomas_seidlsearch_apiMatch7.x-1.0beta2

thomas_seidlsearch_apiMatch7.x-1.0beta3

thomas_seidlsearch_apiMatch7.x-1.0beta4

thomas_seidlsearch_apiMatch7.x-1.0beta5

thomas_seidlsearch_apiMatch7.x-1.0beta6

thomas_seidlsearch_apiMatch7.x-1.0beta7

thomas_seidlsearch_apiMatch7.x-1.0beta8

thomas_seidlsearch_apiMatch7.x-1.0beta9

thomas_seidlsearch_apiMatch7.x-1.0rc1

thomas_seidlsearch_apiMatch7.x-1.1

thomas_seidlsearch_apiMatch7.x-1.2

thomas_seidlsearch_apiMatch7.x-1.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:*:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7:*:*:*:*:*:*
thomas_seidlsearch_api7.x-1.0cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8:*:*:*:*:*:*

Vendor	Product	Version	CPE
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:::::::*
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta1::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta10::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta2::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta3::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta4::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta5::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta6::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta7::::::
thomas_seidl	search_api	7.x-1.0	cpe:2.3:a:thomas_seidl:search_api:7.x-1.0:beta8::::::

Rows per page:

1-10 of 161

References

drupal.org/node/1815124

drupal.org/node/1815770

www.openwall.com/lists/oss-security/2012/11/20/4

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.8%

JSON

Related for CVE-2012-5547