CVE-2012-0825

Sažetak

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Reference

http://openid.net/2011/05/05/attribute-exchange-security-alert/
http://www.debian.org/security/2013/dsa-2776
https://drupal.org/node/1425084

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2014 - 04:54

Objavljeno

28-10-2013 - 22:55