5

CVE-2012-5652

Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version6.0
DrupalDrupal Version6.0 Updatebeta1
DrupalDrupal Version6.0 Updatebeta2
DrupalDrupal Version6.0 Updatebeta3
DrupalDrupal Version6.0 Updatebeta4
DrupalDrupal Version6.0 Updatedev
DrupalDrupal Version6.0 Updaterc1
DrupalDrupal Version6.0 Updaterc2
DrupalDrupal Version6.0 Updaterc3
DrupalDrupal Version6.0 Updaterc4
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
DrupalDrupal Version6.4
DrupalDrupal Version6.5
DrupalDrupal Version6.6
DrupalDrupal Version6.7
DrupalDrupal Version6.8
DrupalDrupal Version6.9
DrupalDrupal Version6.10
DrupalDrupal Version6.11
DrupalDrupal Version6.12
DrupalDrupal Version6.13
DrupalDrupal Version6.14
DrupalDrupal Version6.15
DrupalDrupal Version6.16
DrupalDrupal Version6.17
DrupalDrupal Version6.18
DrupalDrupal Version6.19
DrupalDrupal Version6.20
DrupalDrupal Version6.21
DrupalDrupal Version6.22
DrupalDrupal Version6.23
DrupalDrupal Version6.24
DrupalDrupal Version6.25
DrupalDrupal Version6.26
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.44% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://drupal.org/SA-CORE-2012-004
Patch
Vendor Advisory
http://drupalcode.org/project/drupal.git/commitdiff/da8023a
Patch
http://www.debian.org/security/2013/dsa-2776
http://www.openwall.com/lists/oss-security/2012/12/20/1
http://www.securityfocus.com/bid/56993
http://osvdb.org/88527
http://secunia.com/advisories/51517
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80794