Vulnerability CVE-2012-4554

Vulnerability Name:

CVE-2012-4554 (CCN-79410)

Assigned:

2012-10-17

Published:

2012-10-17

Updated:

2012-11-12

Summary:

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2012-4554

Source: CCN
Type: SA-CORE-2012-003
Drupal core - Arbitrary PHP code execution and Information disclosure

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/1815912

Source: CONFIRM
Type: Patch
http://drupalcode.org/project/drupal.git/commit/b912710

Source: CCN
Type: SA50955
Drupal OpenID Module DOCTYPE Handling File Disclosure Vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20121029 CVE request: Drupal SA-CORE-2012-003

Source: MLIST
Type: UNKNOWN
[oss-security] 20121029 Re: CVE request: Drupal SA-CORE-2012-003

Source: CCN
Type: OSVDB ID: 86429
Drupal OpenID Module DOCTYPE Parsing Arbitrary File Access

Source: CCN
Type: BID-56103
Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

Source: XF
Type: UNKNOWN
drupal-openid-info-disc(79410)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
Drupal OpenID External Entity Injection

Vulnerable Configuration:

Configuration 1:

cpe:/a:drupal:drupal:7.0:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:beta1:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:beta2:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:beta3:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:dev:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:rc1:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:rc2:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:rc3:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.0:rc4:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.1:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.2:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.3:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.4:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.5:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.6:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.7:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.8:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.9:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.10:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.11:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.12:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.13:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.14:*:*:*:*:*:*:*

OR cpe:/a:drupal:drupal:7.15:*:*:*:*:*:*:*

Configuration CCN 1: