Summary: | <www-apps/drupal-7.12 : Security Issue and Security Bypass Vulnerability (CVE-2012-{0825,0826,0827}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://drupal.org/node/1425084 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-02-02 20:46:10 UTC
6.24 and 7.12 added to CVS.

(In reply to comment #1)
> 6.24 and 7.12 added to CVS.

thanks, closing.

CVE-2012-0825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0825):
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.