CVE-2012-1056

Current Description

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.

Basic Data

Published: February 14, 2012
Last Modified: August 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
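      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.4 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.5 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.6 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.7 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.8 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.9 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.10 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.11 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.12 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.13 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.14 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.15 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.16 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.17 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.18 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.19 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.20 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 6.x-1.x-dev | * | * | * | * | * | * | * | | | | |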
    • OR Running on/with:
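      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Drupal | Drupal | * | * | * | * | * | * | * | * | | | | |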
  • AND
    • OR - Configuration 2
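      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | alpha1 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | alpha2 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | alpha3 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | rc1 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | rc2 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | rc3 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.0 | rc4 | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Sean Robertson | Forward | 7.x-1.x-dev | * | * | * | * | * | * | * | | | | |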
    • OR Running on/with:
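      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Drupal | Drupal | * | * | * | * | * | * | * | * | | | | |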

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Sean Robertson | Forward | 6.x-1.0, 6.x-1.1, 6.x-1.10, 6.x-1.11, 6.x-1.12, 6.x-1.13, 6.x-1.14, 6.x-1.15, 6.x-1.16, 6.x-1.17, 6.x-1.18, 6.x-1.19, 6.x-1.2, 6.x-1.20, 6.x-1.3, 6.x-1.4, 6.x-1.5, 6.x-1.6, 6.x-1.7, 6.x-1.8, 6.x-1.9, 6.x-1.x-dev, 7.x-1.0, 7.x-1.1, 7.x-1.2, 7.x-1.x-dev |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| http://drupal.org/node/1423722 | http://drupal.org/node/1423722 | CONFIRM | PATCH |
| http://drupal.org/node/1425150 | http://drupal.org/node/1425150 | CONFIRM | PATCH, Vendor Advisory |
| 78817 | http://osvdb.org/78817 | OSVDB | |
| 47851 | http://secunia.com/advisories/47851 | SECUNIA | Vendor Advisory |
| 51826 | http://www.securityfocus.com/bid/51826 | BID | |
| drupal-multiple-blocks-security-bypass(72920) | https://exchange.xforce.ibmcloud.com/vulnerabilities/72920 | XF | |