Vulnerability Name: | CVE-2006-4717 (CCN-29108)
Assigned: | 2006-09-08
Published: | 2006-09-08
Updated: | 2011-03-08
Summary: | The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. Drupal core is not affected. If you do not use the pubcookie module, no action is necessary.
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| 4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Bypass Security
References: | Source: MITRE Type: CNA CVE-2006-4717
| Source: CCN Type: DRUPAL-SA-2006-019 Pubcookie security bypass
| Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/83064
| Source: CCN Type: Drupal Web site Pubcookie Module
| Source: CCN Type: SA21811 Drupal Pubcookie Module Login Security Bypass
| Source: SECUNIA Type: Patch, Vendor Advisory 21811
| Source: OSVDB Type: UNKNOWN 28623
| Source: CCN Type: OSVDB ID: 28623 Drupal Pubcookie Module Authentication Bypass
| Source: BID Type: Patch 19920
| Source: CCN Type: BID-19920 Drupal Pubcookie.Module Authentication Bypass Vulnerability
| Source: VUPEN Type: UNKNOWN ADV-2006-3530
| Source: XF Type: UNKNOWN pubcookie-drupal-login-security-bypass(29108)
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable