← Back

CVE-2007-6752

nvd nist
Published: Mar 28, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.

Affected (148)

Products: Drupal: Drupal
Drupal
1 product
Drupal
Configuration A
148 vulnerable
Vulnerable SoftwareAffected Versions
Drupal
Drupal
Up to 7.12
Drupal
Version 4.0.0
Drupal
Version 4.0
Drupal
Version 4.1.0
Drupal
Version 4.2.0_rc
Drupal
Version 4.4.0
Drupal
Version 4.4.1
Drupal
Version 4.4.2
Drupal
Version 4.4.3
Drupal
Version 4.4
Drupal
Version 4.5.0
Drupal
Version 4.5.1
Drupal
Version 4.5.2
Drupal
Version 4.5.3
Drupal
Version 4.5.4
Drupal
Version 4.5.5
Drupal
Version 4.5.6
Drupal
Version 4.5.7
Drupal
Version 4.5.8
Drupal
Version 4.5
Drupal
Version 4.6.0
Drupal
Version 4.6.10
Drupal
Version 4.6.11
Drupal
Version 4.6.1
Drupal
Version 4.6.2
Drupal
Version 4.6.3
Drupal
Version 4.6.4
Drupal
Version 4.6.5
Drupal
Version 4.6.6
Drupal
Version 4.6.7
Drupal
Version 4.6.8
Drupal
Version 4.6.9
Drupal
Version 4.6
Drupal
Version 4.7.0
Drupal
Version 4.7.10
Drupal
Version 4.7.1
Drupal
Version 4.7.2
Drupal
Version 4.7.3
Drupal
Version 4.7.4
Drupal
Version 4.7.5
Drupal
Version 4.7.6
Drupal
Version 4.7.7
Drupal
Version 4.7.8
Drupal
Version 4.7.9
Drupal
Version 4.7
Drupal
Version 4.7_rev1.15
Drupal
Version 4.7_rev_1.15
Drupal
Version 4.7_rev_1.2
Drupal
Version 4.7_revision_1.2
Drupal
Version 5.0
Drupal
Version 5.0 beta1
Drupal
Version 5.0 beta2
Drupal
Version 5.0 dev
Drupal
Version 5.0 rc1
Drupal
Version 5.0 rc2
Drupal
Version 5.10
Drupal
Version 5.11
Drupal
Version 5.12
Drupal
Version 5.13
Drupal
Version 5.14
Drupal
Version 5.15
Drupal
Version 5.16
Drupal
Version 5.17
Drupal
Version 5.18
Drupal
Version 5.19
Drupal
Version 5.1
Drupal
Version 5.1_rev1.1
Drupal
Version 5.20
Drupal
Version 5.21
Drupal
Version 5.22
Drupal
Version 5.23
Drupal
Version 5.2
Drupal
Version 5.3
Drupal
Version 5.4
Drupal
Version 5.5.
Drupal
Version 5.5
Drupal
Version 5.6
Drupal
Version 5.7
Drupal
Version 5.8
Drupal
Version 5.9
Drupal
Version 5.x dev
Drupal
Version 6.0
Drupal
Version 6.0 beta1
Drupal
Version 6.0 beta2
Drupal
Version 6.0 beta3
Drupal
Version 6.0 beta4
Drupal
Version 6.0 dev
Drupal
Version 6.0 rc-1
Drupal
Version 6.0 rc-2
Drupal
Version 6.0 rc-3
Drupal
Version 6.0 rc-4
Drupal
Version 6.0 rc1
Drupal
Version 6.0 rc2
Drupal
Version 6.0 rc3
Drupal
Version 6.0 rc4
Drupal
Version 6.10
Drupal
Version 6.11
Drupal
Version 6.12
Drupal
Version 6.13
Drupal
Version 6.14
Drupal
Version 6.15
Drupal
Version 6.16
Drupal
Version 6.17
Drupal
Version 6.18
Drupal
Version 6.19
Drupal
Version 6.1
Drupal
Version 6.20
Drupal
Version 6.21
Drupal
Version 6.22
Drupal
Version 6.23
Drupal
Version 6.24
Drupal
Version 6.2
Drupal
Version 6.3
Drupal
Version 6.4
Drupal
Version 6.5
Drupal
Version 6.6
Drupal
Version 6.7
Drupal
Version 6.8
Drupal
Version 6.9
Drupal
Version 6.x-dev
Drupal
Version 7.0
Drupal
Version 7.0 alpha1
Drupal
Version 7.0 alpha2
Drupal
Version 7.0 alpha3
Drupal
Version 7.0 alpha4
Drupal
Version 7.0 alpha5
Drupal
Version 7.0 alpha6
Drupal
Version 7.0 alpha7
Drupal
Version 7.0 beta1
Drupal
Version 7.0 beta2
Drupal
Version 7.0 beta3
Drupal
Version 7.0 dev
Drupal
Version 7.0 rc1
Drupal
Version 7.0 rc2
Drupal
Version 7.0 rc3
Drupal
Version 7.0 rc4
Drupal
Version 7.10
Drupal
Version 7.11
Drupal
Version 7.1
Drupal
Version 7.2
Drupal
Version 7.3
Drupal
Version 7.4
Drupal
Version 7.5
Drupal
Version 7.6
Drupal
Version 7.7
Drupal
Version 7.8
Drupal
Version 7.9
Drupal
Version 7.x-dev

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.