CVE-2012-1589
medium
CVSS v3
—
CVSS v2
5.8
VIR risk
5.8
Description
Drupal Open Redirect
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://drupal.org/node/1557938
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | drupal/drupal | >=7.0,<7.13 | 7.13 |
References
- http://drupal.org/node/1557938
- http://jvn.jp/en/jp/JVN45898075/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045
- http://osvdb.org/81679
- http://secunia.com/advisories/49012
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://www.securityfocus.com/bid/53365
- https://nvd.nist.gov/vuln/detail/CVE-2012-1589
- https://web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365
- https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.