4.6

CVE-2009-4527

The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NiifShib Auth Version5.x-1.x Updatedev
   DrupalDrupal
NiifShib Auth Version5.x-2.1
   DrupalDrupal
NiifShib Auth Version5.x-2.2
   DrupalDrupal
NiifShib Auth Version5.x-2.4
   DrupalDrupal
NiifShib Auth Version5.x-2.5
   DrupalDrupal
NiifShib Auth Version5.x-2.x Updatedev
   DrupalDrupal
NiifShib Auth Version5.x-3.3
   DrupalDrupal
NiifShib Auth Version5.x-3.x Updatedev
   DrupalDrupal
NiifShib Auth Version6.x-1.x Updatedev
   DrupalDrupal
NiifShib Auth Version6.x-2.0
   DrupalDrupal
NiifShib Auth Version6.x-2.1
   DrupalDrupal
NiifShib Auth Version6.x-2.2
   DrupalDrupal
NiifShib Auth Version6.x-2.x Updatedev
   DrupalDrupal
NiifShib Auth Version6.x-3.0
   DrupalDrupal
NiifShib Auth Version6.x-3.0 Update1
   DrupalDrupal
NiifShib Auth Version6.x-3.1
   DrupalDrupal
NiifShib Auth Version6.x-3.x Updatedev
   DrupalDrupal
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.246
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/604488
Patch
Vendor Advisory
http://secunia.com/advisories/37057
Vendor Advisory
http://www.securityfocus.com/bid/36684
http://www.vupen.com/english/advisories/2009/2919
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53779