CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/152804	Patch
http://drupal.org/node/158029	Patch
http://drupal.org/node/158032	Patch
http://www.securityfocus.com/bid/24862
http://secunia.com/advisories/25978
http://osvdb.org/37897
http://www.vupen.com/english/advisories/2007/2470
https://exchange.xforce.ibmcloud.com/vulnerabilities/35314

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:print_module::::::::
	cpe:2.3:a:drupal:print_module::::::::

Information

Published : 2007-07-11 10:30

Updated : 2017-07-28 18:32

NVD link : CVE-2007-3689

Mitre link : CVE-2007-3689

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

drupal

print_module

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://drupal.org/node/152804", "name": "http://drupal.org/node/152804", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://drupal.org/node/158029", "name": "http://drupal.org/node/158029", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://drupal.org/node/158032", "name": "http://drupal.org/node/158032", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24862", "name": "24862", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25978", "name": "25978", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/37897", "name": "37897", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2470", "name": "ADV-2007-2470", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35314", "name": "printfriendlypages-url-security-bypass(35314)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3689", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-07-11T17:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:print_module:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.7"}, {"cpe23Uri": "cpe:2.3:a:drupal:print_module:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.x-1.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}