CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/152804	Patch
http://drupal.org/node/158029	Patch
http://drupal.org/node/158032	Patch
http://osvdb.org/37897
http://secunia.com/advisories/25978
http://www.securityfocus.com/bid/24862
http://www.vupen.com/english/advisories/2007/2470
https://exchange.xforce.ibmcloud.com/vulnerabilities/35314

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:print_module::::::::
	cpe:2.3:a:drupal:print_module::::::::

History

No history.

Information

Published : 2007-07-11 17:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3689

Mitre link : CVE-2007-3689

CVE.ORG link : CVE-2007-3689

JSON object : View

Products Affected

drupal

print_module

CWE

NVD-CWE-Other

{"id": "CVE-2007-3689", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-11T17:30:00.000", "references": [{"url": "http://drupal.org/node/152804", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/158029", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/158032", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37897", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25978", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24862", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2470", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35314", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments."}, {"lang": "es", "value": "El m\u00f3dulo Print anterior al 4.7-1.0 y el 5.x anterior al 5.x-1.2 para el Drupal permite a atacantes remotos leer los anuncios restringidos en el (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite y otros m\u00f3dulos de acceso sin especificar, a trav\u00e9s de argumentos URL modificados."}], "lastModified": "2017-07-29T01:32:28.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:print_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5000E29D-E826-4C77-B141-B8F483D837AA", "versionEndIncluding": "4.7"}, {"criteria": "cpe:2.3:a:drupal:print_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54CC380C-A5C4-4B72-B0E4-201CBD4B238E", "versionEndIncluding": "5.x-1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}