CVE-2010-4519:views: Multiple cross-site request forgery (CSRF) vulnerab...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4519

views: Multiple cross-site request forgery (CSRF) vulnerab...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4519

Original

Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-23

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-23

Affected Product Tags

cpe:/a:drupal:drupal

cpe:/a:earl_miles:views:5.x-1.0

cpe:/a:earl_miles:views:5.x-1.1:beta

cpe:/a:earl_miles:views:5.x-1.2:beta1

cpe:/a:earl_miles:views:5.x-1.3:beta1

cpe:/a:earl_miles:views:5.x-1.4-2:rc1

cpe:/a:earl_miles:views:5.x-1.4:rc1

cpe:/a:earl_miles:views:5.x-1.5

cpe:/a:earl_miles:views:5.x-1.6

cpe:/a:earl_miles:views:5.x-1.6:beta

cpe:/a:earl_miles:views:5.x-1.6:beta2

cpe:/a:earl_miles:views:5.x-1.6:beta3

cpe:/a:earl_miles:views:5.x-1.6:beta4

cpe:/a:earl_miles:views:5.x-1.6:beta5

cpe:/a:earl_miles:views:5.x-1.7

cpe:/a:earl_miles:views:5.x-1.x:dev

cpe:/a:earl_miles:views:6.x-2.0

cpe:/a:earl_miles:views:6.x-2.0:alpha1

cpe:/a:earl_miles:views:6.x-2.0:alpha2

cpe:/a:earl_miles:views:6.x-2.0:alpha3

cpe:/a:earl_miles:views:6.x-2.0:alpha4

cpe:/a:earl_miles:views:6.x-2.0:alpha5

cpe:/a:earl_miles:views:6.x-2.0:beta1

cpe:/a:earl_miles:views:6.x-2.0:beta2

cpe:/a:earl_miles:views:6.x-2.0:beta3

cpe:/a:earl_miles:views:6.x-2.0:beta4

cpe:/a:earl_miles:views:6.x-2.0:rc1

cpe:/a:earl_miles:views:6.x-2.0:rc2

cpe:/a:earl_miles:views:6.x-2.0:rc3

cpe:/a:earl_miles:views:6.x-2.0:rc4

cpe:/a:earl_miles:views:6.x-2.0:rc5

cpe:/a:earl_miles:views:6.x-2.1

cpe:/a:earl_miles:views:6.x-2.10

cpe:/a:earl_miles:views:6.x-2.2

cpe:/a:earl_miles:views:6.x-2.3

cpe:/a:earl_miles:views:6.x-2.4

cpe:/a:earl_miles:views:6.x-2.5

cpe:/a:earl_miles:views:6.x-2.6

cpe:/a:earl_miles:views:6.x-2.7

cpe:/a:earl_miles:views:6.x-2.8

cpe:/a:earl_miles:views:6.x-2.9

cpe:/a:earl_miles:views:6.x-2.x:dev

cpe:/a:earl_miles:views:6.x-3.0:alpha1

cpe:/a:earl_miles:views:6.x-3.0:alpha2

cpe:/a:earl_miles:views:6.x-3.0:alpha3

cpe:/a:earl_miles:views:6.x-3.x:dev

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://drupal.org/node/829840

MLIST [oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12

MLIST [oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12

Vulnerability Type Cross-Site Request Forgery (CSRF) (CWE-352)