FKIE_CVE-2012-0826

Vulnerability from fkie_nvd - Published: 2013-10-28 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.
References
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2776
secalert@redhat.comhttps://drupal.org/node/1425084Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2776
af854a3a-2127-422b-91ae-364da2661108https://drupal.org/node/1425084Vendor Advisory
Impacted products
Vendor Product Version
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.0
drupal drupal 6.1
drupal drupal 6.2
drupal drupal 6.3
drupal drupal 6.4
drupal drupal 6.5
drupal drupal 6.6
drupal drupal 6.7
drupal drupal 6.8
drupal drupal 6.9
drupal drupal 6.10
drupal drupal 6.11
drupal drupal 6.12
drupal drupal 6.13
drupal drupal 6.14
drupal drupal 6.15
drupal drupal 6.16
drupal drupal 6.17
drupal drupal 6.18
drupal drupal 6.19
drupal drupal 6.20
drupal drupal 6.21
drupal drupal 6.22
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.0
drupal drupal 7.1
drupal drupal 7.2
drupal drupal 7.3
drupal drupal 7.4
drupal drupal 7.5
drupal drupal 7.6
drupal drupal 7.7
drupal drupal 7.8
drupal drupal 7.9
drupal drupal 7.10
drupal drupal 7.x-dev
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE07AAD-9207-4C5F-A108-7F7753E4F48C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "D4149703-F7BB-4513-9379-992C089532D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "FCBC7BB8-2B50-476D-BD96-C968F105CE10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "550778E2-BEE5-403D-8744-0B18C5D3AFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "31B9F954-3A10-4378-A842-4061E97056DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "5BD3F6D1-2530-4B4C-86BE-DFDB886BF6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FDF535DF-2338-4BF8-A9AC-3B6C60C4D591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "58876D53-BCE4-459E-AC75-37E4E46621CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "937F4629-2AA1-4954-BF72-8E9CAF1B67FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "6410BD0A-1B47-4EC2-8D2A-161ADBB09699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D8F291-CBEB-4EAA-9388-F63066A2DFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BD5AEC-F20E-4E53-AF3F-2C60BA2D2171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D76BC5-0409-4D78-8064-A78B923E9167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB73B2E1-2554-4CA2-9C82-B694509CE43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7827ED-D8AF-42B3-B514-39A04EB0879A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F491DE31-8DBB-4F4E-8798-F82DC855D08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADEA9E5-10EB-4AB4-BD90-1F64A15708AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D0A167-BE47-4E4E-8467-0AD2F38A3431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CBB558-D5A3-4D68-9C62-D1D521BCFEF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D25FA1-2F31-40DB-AD54-DB233E060B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F91E944-26C4-4886-B9B9-F32BD15569BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DF00E9-3952-4D1C-8ED5-3270BD9697F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B779FA7-E371-4111-95B7-301C804DC0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89B2E01-DFC7-4672-85E7-3930EE653806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "39169C30-5F4D-4333-B0B9-0881811F1E01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9703D3D-C2D3-4EA0-A67E-CC17B0146B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EEDA1EF-D7DB-47B5-BF6C-A9ED84427030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EFE9DB8-972F-4BE2-9087-ED38ACFAA822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F27EC1-48AF-402C-A1A6-0B66E693ABD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "54143AC5-9F03-4BD7-8FFE-A6DAE1634504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE98FD40-92FB-4417-85EB-FBACA56ED5BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D7A256-8631-4AD2-8B56-89FFE46A3892",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C33CAB-4633-418C-B162-20A2EC24E8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "CC3B1750-17AD-4386-B6EE-1AFC9CDFB6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "9E0C1873-22A6-4CE9-853D-2A40BD3D9E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "9F6DF608-0DA2-455F-AD28-7BE4A7548E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "7BCC306D-EB5D-4784-B0B1-B4F9370796F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "5639A5F3-CD18-451C-BA5A-3336C42BED83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A10CA-F59E-48AC-97E9-8476F63BAEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "07B7917C-5934-4AFF-B3DB-BE9B099B27FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "16731B53-3CD1-4B98-947B-7621162D8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "BD738402-A50E-4AEB-8F42-607F52DE5540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "199AC10C-6E65-409B-8658-E26240B27E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "2B378BEF-B070-4955-A6B3-8F2ACBA96832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "19EC9A36-5EDC-4519-802E-BEA69B18800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C281EA7-8AE1-4D5A-B03B-B3BE37740195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "024CF5B1-1875-4785-ACAF-35ECCC7914A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5F446903-51AC-4FA3-BA90-C2EA59BBDB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE86CC5-956E-4F16-BE7B-2B1CAAEB5C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AC1B21-D3BE-4B6A-AE40-8B395E81DD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5E8A73-1C02-4900-BC30-83084DC8371C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92A41E3-BF0F-49BD-9F0F-5FDC11BF2499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "937C3149-3F34-40D8-964D-FB65EBDF0BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CD183A-3777-44F9-8CA6-8E802058D099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C0CC63-558B-4750-8293-926BE9EAD42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA66BCA5-3934-449E-BAD3-D0DFBF4A04BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5030281C-CD4F-4106-A100-332A4C3C2AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D408134A-29E8-4D6A-9352-DB7F9CF55FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F860666-578F-4B48-ABCA-1B5F2697DEAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-site request forgery (CSRF) en el modulo Aggregator en Drupal 6.x anterior a 6.23 y 7.x anterior a 7.11 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas para consultas que actualizan feeds y posiblemente causar denegaci\u00f3n de servicio (perdida de actualizaciones debida a limite de tasa) a traves de vectores no especificados"
    }
  ],
  "id": "CVE-2012-0826",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-28T22:55:03.477",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2776"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/1425084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/1425084"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.