Lucene search

[email protected]NVD:CVE-2012-2702

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-2702

2012-06-2700:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid.

Affected configurations

Nvd

Node

tony_freixasubercart_product_keysMatch6.x-1.0

tony_freixasubercart_product_keysMatch6.x-1.0alpha1

tony_freixasubercart_product_keysMatch6.x-1.0alpha2

tony_freixasubercart_product_keysMatch6.x-1.0alpha3

tony_freixasubercart_product_keysMatch6.x-1.0beta1

tony_freixasubercart_product_keysMatch6.x-1.0rc1

tony_freixasubercart_product_keysMatch6.x-1.0rc2

AND

drupaldrupalMatch-

VendorProductVersionCPE
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:*:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:beta1:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc1:*:*:*:*:*:*
tony_freixasubercart_product_keys6.x-1.0cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc2:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:::::::*
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha1::::::
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha2::::::
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:alpha3::::::
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:beta1::::::
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc1::::::
tony_freixas	ubercart_product_keys	6.x-1.0	cpe:2.3:a:tony_freixas:ubercart_product_keys:6.x-1.0:rc2::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1580752

drupal.org/node/1585532

drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261

osvdb.org/82005

secunia.com/advisories/49169

www.openwall.com/lists/oss-security/2012/06/14/3

exchange.xforce.ibmcloud.com/vulnerabilities/75720

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Related for NVD:CVE-2012-2702

cvelist1 drupal1 cve1 prion1