Vulnerability CVE-2012-1645


Published: 2012-08-28

Description:
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Wimleers -> CDN

References:
https://drupal.org/node/1441502
http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
http://drupal.org/node/1441482
http://www.osvdb.org/79317
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://secunia.com/advisories/48032
http://drupal.org/node/1441480

Copyright 2024, cxsecurity.com
