Lucene search

[email protected]NVD:CVE-2012-4494

HistoryOct 31, 2012 - 4:55 p.m.

CVE-2012-4494

2012-10-3116:55:03

CWE-264

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Affected configurations

NVD

Node

niifshibb_authMatch7.x-4.0

AND

drupaldrupalMatch-

References

drupal.org/node/1493244

drupal.org/node/1719392

drupalcode.org/project/shib_auth.git/commitdiff/2032f0a

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for NVD:CVE-2012-4494

prion1 cvelist1 cve1