CVE-2012-0826

Published: Oct 28, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.

Affected (59)

Products: Drupal: Drupal

Drupal

1 product

Drupal

Configuration A

32 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 6.0
Drupal Drupal	Version 6.0 beta1
Drupal Drupal	Version 6.0 beta2
Drupal Drupal	Version 6.0 beta3
Drupal Drupal	Version 6.0 beta4
Drupal Drupal	Version 6.0 dev
Drupal Drupal	Version 6.0 rc1
Drupal Drupal	Version 6.0 rc2
Drupal Drupal	Version 6.0 rc3
Drupal Drupal	Version 6.0 rc4
Drupal Drupal	Version 6.10
Drupal Drupal	Version 6.11
Drupal Drupal	Version 6.12
Drupal Drupal	Version 6.13
Drupal Drupal	Version 6.14
Drupal Drupal	Version 6.15
Drupal Drupal	Version 6.16
Drupal Drupal	Version 6.17
Drupal Drupal	Version 6.18
Drupal Drupal	Version 6.19
Drupal Drupal	Version 6.1
Drupal Drupal	Version 6.20
Drupal Drupal	Version 6.21
Drupal Drupal	Version 6.22
Drupal Drupal	Version 6.2
Drupal Drupal	Version 6.3
Drupal Drupal	Version 6.4
Drupal Drupal	Version 6.5
Drupal Drupal	Version 6.6
Drupal Drupal	Version 6.7
Drupal Drupal	Version 6.8
Drupal Drupal	Version 6.9

Configuration B

27 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 7.0
Drupal Drupal	Version 7.0 alpha1
Drupal Drupal	Version 7.0 alpha2
Drupal Drupal	Version 7.0 alpha3
Drupal Drupal	Version 7.0 alpha4
Drupal Drupal	Version 7.0 alpha5
Drupal Drupal	Version 7.0 alpha6
Drupal Drupal	Version 7.0 alpha7
Drupal Drupal	Version 7.0 beta1
Drupal Drupal	Version 7.0 beta2
Drupal Drupal	Version 7.0 beta3
Drupal Drupal	Version 7.0 dev
Drupal Drupal	Version 7.0 rc1
Drupal Drupal	Version 7.0 rc2
Drupal Drupal	Version 7.0 rc3
Drupal Drupal	Version 7.0 rc4
Drupal Drupal	Version 7.10
Drupal Drupal	Version 7.1
Drupal Drupal	Version 7.2
Drupal Drupal	Version 7.3
Drupal Drupal	Version 7.4
Drupal Drupal	Version 7.5
Drupal Drupal	Version 7.6
Drupal Drupal	Version 7.7
Drupal Drupal	Version 7.8
Drupal Drupal	Version 7.9
Drupal Drupal	Version 7.x-dev

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.debian.org/security/2013/dsa-2776

Source: secalert@redhat.com

https://drupal.org/node/1425084

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2013/dsa-2776

Source: af854a3a-2127-422b-91ae-364da2661108

https://drupal.org/node/1425084

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.