CVE-2009-4558

The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/35710	Patch
http://osvdb.org/55867
http://secunia.com/advisories/35879	Vendor Advisory
http://drupal.org/node/520564	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51787

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:unleashedmind:img_assist:5.x-1.3:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.2:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-1.0:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-2.x-dev:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.7:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-2.x-dev:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.x-dev:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha3:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-3.x-dev:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha1:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.1:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-1.0-beta1:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.5:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.4:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha3:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha2:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.6:::::::*
	cpe:2.3:a:unleashedmind:img_assist:6.x-1.x-dev:::::::*
	cpe:2.3:a:unleashedmind:img_assist:5.x-1.0:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Information

Published : 2010-01-04 13:30

Updated : 2017-08-16 18:31

NVD link : CVE-2009-4558

Mitre link : CVE-2009-4558

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

drupal

drupal

unleashedmind

img_assist

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/35710", "name": "35710", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://osvdb.org/55867", "name": "55867", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/35879", "name": "35879", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://drupal.org/node/520564", "name": "http://drupal.org/node/520564", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51787", "name": "imageassist-title-information-disclosure(51787)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4558", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-01-04T21:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-2.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-2.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-3.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-1.0-beta1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:6.x-1.x-dev:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unleashedmind:img_assist:5.x-1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:31Z"}