The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://drupal.org/node/1441480 - | |
References | () http://drupal.org/node/1441482 - Patch | |
References | () http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff - Patch | |
References | () http://drupalcode.org/project/cdn.git/commitdiff/eca85e6 - Patch | |
References | () http://secunia.com/advisories/48032 - Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2012/04/07/1 - | |
References | () http://www.osvdb.org/79317 - | |
References | () https://drupal.org/node/1441502 - Patch, Vendor Advisory |
Information
Published : 2012-08-28 17:55
Updated : 2024-11-21 01:37
NVD link : CVE-2012-1645
Mitre link : CVE-2012-1645
CVE.ORG link : CVE-2012-1645
JSON object : View
Products Affected
wimleers
- cdn
drupal
- drupal
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor