Drupal Core Access Bypass Vulnerability
BID:53362
Info
| Bugtraq ID: | 53362 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-2153 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2012 12:00AM |
| Updated: | May 02 2012 12:00AM |
| Credit: | Jennifer Hodgdon |
| Vulnerable: | Drupal 7.12, Drupal 7.11, Drupal 7.10, Drupal 7.1 |
| Not Vulnerable: | Drupal 7.13 |
Discussion
Drupal is prone to an access bypass vulnerability because it fails to properly validate required user access permissions when viewing nodes.
An attacker can exploit this issue to bypass certain security restrictions, gain access to sensitive areas of the application, and thus perform unauthorized actions; this may aid in launching further attacks.
Drupal versions 7.x through 7.12 are vulnerable.
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Updates are available; please see the references for more information.
References
References:
- Drupal Homepage (Drupal)
- Drupal Core page (Drupal)
- SA-CORE-2012-001 - Drupal core - Access bypass (Drupal)