Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
References
Link | Resource |
---|---|
http://drupal.org/node/579280 | Patch Vendor Advisory |
http://drupal.org/node/579290 | Patch Vendor Advisory |
http://drupal.org/node/579292 | Patch Vendor Advisory |
http://secunia.com/advisories/36787 | Vendor Advisory |
http://www.osvdb.org/58177 | |
http://www.securityfocus.com/bid/36429 | |
http://drupal.org/node/579280 | Patch Vendor Advisory |
http://drupal.org/node/579290 | Patch Vendor Advisory |
http://drupal.org/node/579292 | Patch Vendor Advisory |
http://secunia.com/advisories/36787 | Vendor Advisory |
http://www.osvdb.org/58177 | |
http://www.securityfocus.com/bid/36429 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://drupal.org/node/579280 - Patch, Vendor Advisory | |
References | () http://drupal.org/node/579290 - Patch, Vendor Advisory | |
References | () http://drupal.org/node/579292 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/36787 - Vendor Advisory | |
References | () http://www.osvdb.org/58177 - | |
References | () http://www.securityfocus.com/bid/36429 - |
Information
Published : 2009-10-06 20:30
Updated : 2024-11-21 01:07
NVD link : CVE-2009-3568
Mitre link : CVE-2009-3568
CVE.ORG link : CVE-2009-3568
JSON object : View
Products Affected
gabor_hojtsy
- commentrss
drupal
- drupal
dave_reid
- commentrss
CWE
CWE-264
Permissions, Privileges, and Access Controls