CVE-2008-3744
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.2%
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| drupal | drupal | 5.0 | cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:* |
| drupal | drupal | 5.1 | cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:* |
| drupal | drupal | 5.2 | cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:* |
| drupal | drupal | 5.3 | cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:* |
| drupal | drupal | 5.4 | cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:* |
| drupal | drupal | 5.5 | cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:* |
| drupal | drupal | 5.6 | cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:* |
| drupal | drupal | 5.7 | cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:* |
| drupal | drupal | 5.8 | cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:* |
| drupal | drupal | 5.9 | cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:* |
References
drupal.org/node/295053
secunia.com/advisories/31462
secunia.com/advisories/31825
www.securityfocus.com/bid/30689
www.vupen.com/english/advisories/2008/2392
bugzilla.redhat.com/show_bug.cgi?id=459108
exchange.xforce.ibmcloud.com/vulnerabilities/44448
www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.2%