BID:53359

Drupal Core Multiple Access Security Bypass Vulnerabilities

Info

Drupal Core Multiple Access Security Bypass Vulnerabilities

Bugtraq ID:	53359
Class:	Access Validation Error
CVE:	CVE-2012-1591 CVE-2012-1590
Remote:	Yes
Local:	No
Published:	May 02 2012 12:00AM
Updated:	May 02 2012 12:00AM
Credit:	Glen W, frega, Andreas Gonell, Jeremy Meier and Xenza
Vulnerable:	Drupal Drupal 7.X Drupal Drupal 7.6 Drupal Drupal 7.5 Drupal Drupal 7.4 Drupal Drupal 7.3 Drupal Drupal 7.2 Drupal Drupal 7.12 Drupal Drupal 7.11 Drupal Drupal 7.10 Drupal Drupal 7.1 Drupal Drupal 7.0 Dev Drupal Drupal 7.0 Alpha7 Drupal Drupal 7.0 Alpha6 Drupal Drupal 7.0 Alpha5 Drupal Drupal 7.0 Alpha4 Drupal Drupal 7.0 Alpha3 Drupal Drupal 7.0 Alpha2 Drupal Drupal 7.0 Alpha1 Drupal Drupal 7.0

Not Vulnerable:	Drupal Drupal 7.13

Discussion

Drupal Core Multiple Access Security Bypass Vulnerabilities

Drupal is prone to multiple security-bypass vulnerabilities.

An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Drupal versions 7.x through 7.12 are vulnerable.

Exploit / POC

Drupal Core Multiple Access Security Bypass Vulnerabilities

Attackers can exploit these issues through a browser.

Solution / Fix

Drupal Core Multiple Access Security Bypass Vulnerabilities

Solution:
Updates are available; please see the references for more information.

References

Drupal Core Multiple Access Security Bypass Vulnerabilities

References:

Drupal Homepage (Drupal)
SA-CORE-2012-002 - Drupal core multiple vulnerabilities (Drupal)