medium
6.8
CWE
352
Advisory Published
CVE Published
Updated

CVE-2012-5556: CSRF

First published: Mon Dec 03 2012(Updated: )

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Restful Web Services=7.x-1.0
Restful Web Services=7.x-1.0-beta1
Restful Web Services=7.x-1.0-beta2
Restful Web Services=7.x-1.x-dev
Restful Web Services=7.x-2.0-alpha1
Restful Web Services=7.x-2.0-alpha2
Restful Web Services=7.x-2.x-dev
Drupal

Remedy

http://drupal.org/node/1840722

Remedy

http://drupal.org/node/1840728

Remedy

http://drupal.org/node/1840740

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2012-5556?

    CVE-2012-5556 is rated as a critical vulnerability due to its potential to allow remote attackers to hijack user authentication.

  • How do I fix CVE-2012-5556?

    To fix CVE-2012-5556, you should update the Restful Web Services module to version 7.x-1.1 or later for 7.x-1.x, and 7.x-2.0-alpha3 or later for 7.x-2.x.

  • What are the potential impacts of CVE-2012-5556?

    The potential impacts of CVE-2012-5556 include unauthorized access and actions on behalf of authenticated users due to CSRF vulnerabilities.

  • Which versions of Restful Web Services are affected by CVE-2012-5556?

    Versions 7.x-1.0, 7.x-1.0-beta1, 7.x-1.0-beta2, 7.x-1.x-dev, 7.x-2.0-alpha1, 7.x-2.0-alpha2, and 7.x-2.x-dev are affected by CVE-2012-5556.

  • Who can be impacted by CVE-2012-5556?

    Any user of Drupal installations with the affected versions of the Restful Web Services module can be impacted by CVE-2012-5556.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203