VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2009-4851

xoops: The activation resend function in the Profiles modu...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4851

Original

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-07

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-10

Affected Product Tags

cpe:/a:xoops:xoops:1.0

cpe:/a:xoops:xoops:1.0_rc1

cpe:/a:xoops:xoops:1.0_rc3

cpe:/a:xoops:xoops:1.0_rc3.0.5

cpe:/a:xoops:xoops:1.3.10

cpe:/a:xoops:xoops:1.3.5

cpe:/a:xoops:xoops:1.3.6

cpe:/a:xoops:xoops:1.3.7

cpe:/a:xoops:xoops:1.3.8

cpe:/a:xoops:xoops:1.3.9

cpe:/a:xoops:xoops:2.0.0

cpe:/a:xoops:xoops:2.0.0_rc1

cpe:/a:xoops:xoops:2.0.0_rc2

cpe:/a:xoops:xoops:2.0.0_rc3

cpe:/a:xoops:xoops:2.0.1

cpe:/a:xoops:xoops:2.0.10

cpe:/a:xoops:xoops:2.0.10_rc

cpe:/a:xoops:xoops:2.0.11

cpe:/a:xoops:xoops:2.0.12

cpe:/a:xoops:xoops:2.0.12a

cpe:/a:xoops:xoops:2.0.13

cpe:/a:xoops:xoops:2.0.13.1

cpe:/a:xoops:xoops:2.0.13.2

cpe:/a:xoops:xoops:2.0.14

cpe:/a:xoops:xoops:2.0.14-rc1

cpe:/a:xoops:xoops:2.0.15

cpe:/a:xoops:xoops:2.0.16

cpe:/a:xoops:xoops:2.0.17

cpe:/a:xoops:xoops:2.0.17.1

cpe:/a:xoops:xoops:2.0.18

cpe:/a:xoops:xoops:2.0.18.1

cpe:/a:xoops:xoops:2.0.2

cpe:/a:xoops:xoops:2.0.3

cpe:/a:xoops:xoops:2.0.4

cpe:/a:xoops:xoops:2.0.5.1

cpe:/a:xoops:xoops:2.0.5.2

cpe:/a:xoops:xoops:2.0.5_rc

cpe:/a:xoops:xoops:2.0.6

cpe:/a:xoops:xoops:2.0.7

cpe:/a:xoops:xoops:2.0.7.1

cpe:/a:xoops:xoops:2.0.7.2

cpe:/a:xoops:xoops:2.0.7.3

cpe:/a:xoops:xoops:2.0.9

cpe:/a:xoops:xoops:2.0.9.2

cpe:/a:xoops:xoops:2.0.9.3

cpe:/a:xoops:xoops:2.3.0

cpe:/a:xoops:xoops:2.3.0_alpha1

cpe:/a:xoops:xoops:2.3.0_alpha2

cpe:/a:xoops:xoops:2.3.0_alpha_3

cpe:/a:xoops:xoops:2.3.0_beta

cpe:/a:xoops:xoops:2.3.0_rc

cpe:/a:xoops:xoops:2.3.0_rc2

cpe:/a:xoops:xoops:2.3.0_rc3

cpe:/a:xoops:xoops:2.3.1

cpe:/a:xoops:xoops:2.3.1_rc

cpe:/a:xoops:xoops:2.3.2a

cpe:/a:xoops:xoops:2.3.2b

cpe:/a:xoops:xoops:2.3.3

cpe:/a:xoops:xoops:2.4.0 and previous versions

cpe:/a:xoops:xoops:2.4.0_beta_1

cpe:/a:xoops:xoops:2.4.0_beta_2

cpe:/a:xoops:xoops:2.4.0_rc

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.xoops.org/modules/news/article.php?storyid=5096

MISC http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132

SECUNIA 37274

VUPEN ADV-2009-3256

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)