VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2353
cck: The Node Reference module in Content Construction K...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2353

Original

The Node Reference module in Content Construction Kit (CCK) module 6.x before 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote attackers to discover titles and IDs of controlled nodes.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-21
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-22




Affected Product Tags
cpe:/a:drupal:drupal
cpe:/a:yves_chedemois:cck:6.x-1.0-alpha
cpe:/a:yves_chedemois:cck:6.x-1.x-dev
cpe:/a:yves_chedemois:cck:6.x-2.0
cpe:/a:yves_chedemois:cck:6.x-2.0:beta
cpe:/a:yves_chedemois:cck:6.x-2.0:rc1
cpe:/a:yves_chedemois:cck:6.x-2.0:rc10
cpe:/a:yves_chedemois:cck:6.x-2.0:rc2
cpe:/a:yves_chedemois:cck:6.x-2.0:rc3
cpe:/a:yves_chedemois:cck:6.x-2.0:rc4
cpe:/a:yves_chedemois:cck:6.x-2.0:rc5
cpe:/a:yves_chedemois:cck:6.x-2.0:rc6
cpe:/a:yves_chedemois:cck:6.x-2.0:rc7
cpe:/a:yves_chedemois:cck:6.x-2.0:rc8
cpe:/a:yves_chedemois:cck:6.x-2.0:rc9
cpe:/a:yves_chedemois:cck:6.x-2.1
cpe:/a:yves_chedemois:cck:6.x-2.2
cpe:/a:yves_chedemois:cck:6.x-2.3
cpe:/a:yves_chedemois:cck:6.x-2.4
cpe:/a:yves_chedemois:cck:6.x-2.5
cpe:/a:yves_chedemois:cck:6.x-2.6
cpe:/a:yves_chedemois:cck:6.x-2.x-dev
cpe:/a:yves_chedemois:cck:6.x-3.x-dev
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://drupal.org/node/829566




OSVDB 65615




SECUNIA 40243




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




XF cck-noderef-info-disc(59515)




Copyright © 2010 JPCERT/CC All Rights Reserved.