CVE-2012-0826: CSRF

First published: Mon Oct 28 2013(Updated: )

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Drupal Drupal	=6.0
Drupal Drupal	=6.0-beta1
Drupal Drupal	=6.0-beta2
Drupal Drupal	=6.0-beta3
Drupal Drupal	=6.0-beta4
Drupal Drupal	=6.0-dev
Drupal Drupal	=6.0-rc1
Drupal Drupal	=6.0-rc2
Drupal Drupal	=6.0-rc3
Drupal Drupal	=6.0-rc4
Drupal Drupal	=6.1
Drupal Drupal	=6.2
Drupal Drupal	=6.3
Drupal Drupal	=6.4
Drupal Drupal	=6.5
Drupal Drupal	=6.6
Drupal Drupal	=6.7
Drupal Drupal	=6.8
Drupal Drupal	=6.9
Drupal Drupal	=6.10
Drupal Drupal	=6.11
Drupal Drupal	=6.12
Drupal Drupal	=6.13
Drupal Drupal	=6.14
Drupal Drupal	=6.15
Drupal Drupal	=6.16
Drupal Drupal	=6.17
Drupal Drupal	=6.18
Drupal Drupal	=6.19
Drupal Drupal	=6.20
Drupal Drupal	=6.21
Drupal Drupal	=6.22
Drupal Drupal	=7.0
Drupal Drupal	=7.0-alpha1
Drupal Drupal	=7.0-alpha2
Drupal Drupal	=7.0-alpha3
Drupal Drupal	=7.0-alpha4
Drupal Drupal	=7.0-alpha5
Drupal Drupal	=7.0-alpha6
Drupal Drupal	=7.0-alpha7
Drupal Drupal	=7.0-beta1
Drupal Drupal	=7.0-beta2
Drupal Drupal	=7.0-beta3
Drupal Drupal	=7.0-dev
Drupal Drupal	=7.0-rc1
Drupal Drupal	=7.0-rc2
Drupal Drupal	=7.0-rc3
Drupal Drupal	=7.0-rc4
Drupal Drupal	=7.1
Drupal Drupal	=7.2
Drupal Drupal	=7.3
Drupal Drupal	=7.4
Drupal Drupal	=7.5
Drupal Drupal	=7.6
Drupal Drupal	=7.7
Drupal Drupal	=7.8
Drupal Drupal	=7.9
Drupal Drupal	=7.10
Drupal Drupal	=7.x-dev

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/drupal
canonical/drupal drupal
version/drupal drupal/6.0
version/drupal drupal/6.0-beta1
version/drupal drupal/6.0-beta2
version/drupal drupal/6.0-beta3
version/drupal drupal/6.0-beta4
version/drupal drupal/6.0-dev
version/drupal drupal/6.0-rc1
version/drupal drupal/6.0-rc2
version/drupal drupal/6.0-rc3
version/drupal drupal/6.0-rc4
version/drupal drupal/6.1
version/drupal drupal/6.2
version/drupal drupal/6.3
version/drupal drupal/6.4
version/drupal drupal/6.5
version/drupal drupal/6.6
version/drupal drupal/6.7
version/drupal drupal/6.8
version/drupal drupal/6.9
version/drupal drupal/6.10
version/drupal drupal/6.11
version/drupal drupal/6.12
version/drupal drupal/6.13
version/drupal drupal/6.14
version/drupal drupal/6.15
version/drupal drupal/6.16
version/drupal drupal/6.17
version/drupal drupal/6.18
version/drupal drupal/6.19
version/drupal drupal/6.20
version/drupal drupal/6.21
version/drupal drupal/6.22
version/drupal drupal/7.0
version/drupal drupal/7.0-alpha1
version/drupal drupal/7.0-alpha2
version/drupal drupal/7.0-alpha3
version/drupal drupal/7.0-alpha4
version/drupal drupal/7.0-alpha5
version/drupal drupal/7.0-alpha6
version/drupal drupal/7.0-alpha7
version/drupal drupal/7.0-beta1
version/drupal drupal/7.0-beta2
version/drupal drupal/7.0-beta3
version/drupal drupal/7.0-dev
version/drupal drupal/7.0-rc1
version/drupal drupal/7.0-rc2
version/drupal drupal/7.0-rc3
version/drupal drupal/7.0-rc4
version/drupal drupal/7.1
version/drupal drupal/7.2
version/drupal drupal/7.3
version/drupal drupal/7.4
version/drupal drupal/7.5
version/drupal drupal/7.6
version/drupal drupal/7.7
version/drupal drupal/7.8
version/drupal drupal/7.9
version/drupal drupal/7.10
version/drupal drupal/7.x-dev

CVE-2012-0826: CSRF

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact