6.3 Medium
AI Score
Confidence
Low
0.166 Low
EPSS
Percentile
96.1%
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
drupal.org/node/1815912
drupalcode.org/project/drupal.git/commit/b912710
www.openwall.com/lists/oss-security/2012/10/29/4
www.openwall.com/lists/oss-security/2012/10/30/5