5
CVE-2009-3568
- EPSS 1.44%
- Veröffentlicht 06.10.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginComment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dave Reid ≫ Commentrss Version5.x-2.1
Dave Reid ≫ Commentrss Version6.x-2.1
Gabor Hojtsy ≫ Commentrss Version5.x-1.0
Gabor Hojtsy ≫ Commentrss Version5.x-1.1
Gabor Hojtsy ≫ Commentrss Version5.x-1.2
Gabor Hojtsy ≫ Commentrss Version5.x-1.x Updatedev
Gabor Hojtsy ≫ Commentrss Version5.x-2.0
Gabor Hojtsy ≫ Commentrss Version5.x-2.x Updatedev
Gabor Hojtsy ≫ Commentrss Version6.x-1.0
Gabor Hojtsy ≫ Commentrss Version6.x-1.1
Gabor Hojtsy ≫ Commentrss Version6.x-1.2
Gabor Hojtsy ≫ Commentrss Version6.x-2.0
Gabor Hojtsy ≫ Commentrss Version6.x-2.x Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.698 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://drupal.org/node/579280
http://drupal.org/node/579290
http://drupal.org/node/579292
http://secunia.com/advisories/36787
http://www.osvdb.org/58177
http://www.securityfocus.com/bid/36429