ID CVE-2009-1576
Summary Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc-1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc-2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc-3:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.0:rc-4:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-05-2009 - 05:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
confirm
debian DSA-1792
fedora
  • FEDORA-2009-4175
  • FEDORA-2009-4203
misc http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch
osvdb 54153
secunia
  • 34948
  • 34950
  • 34980
vupen ADV-2009-1216
Last major update 20-05-2009 - 05:36
Published 06-05-2009 - 17:30
Last modified 20-05-2009 - 05:36