Vulnerability Name: | CVE-2008-3744 (CCN-44448)
Assigned: | 2008-08-13
Published: | 2008-08-13
Updated: | 2017-08-08
Summary: | Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: | CWE-352
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2008-3744
Source: CCN Type: DRUPAL-SA-2008-047 Drupal core - Multiple vulnerabilities
Source: CONFIRM Type: Patch http://drupal.org/node/295053
Source: CCN Type: SA31462 Drupal Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 31462
Source: CCN Type: SA31522 vbDrupal Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 31825
Source: CCN Type: SourceForge.net: Files vbDrupal, File Release Notes and Changelog, Release Name: 5.10.1
Source: CCN Type: OSVDB ID: 47492 Drupal User Access Rule Manipulation CSRF
Source: BID Type: UNKNOWN 30689
Source: CCN Type: BID-30689 Drupal Remote Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2008-2392
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=459108
Source: XF Type: UNKNOWN drupal-user-access-csrf(44448)
Source: FEDORA Type: UNKNOWN FEDORA-2008-7467
Source: FEDORA Type: UNKNOWN FEDORA-2008-7626
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable