Vulnerability Details CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.5%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2012-0825
-
cpe:2.3:a:drupal:drupal:6.0
-
cpe:2.3:a:drupal:drupal:6.1
-
cpe:2.3:a:drupal:drupal:6.10
-
cpe:2.3:a:drupal:drupal:6.11
-
cpe:2.3:a:drupal:drupal:6.12
-
cpe:2.3:a:drupal:drupal:6.13
-
cpe:2.3:a:drupal:drupal:6.14
-
cpe:2.3:a:drupal:drupal:6.15
-
cpe:2.3:a:drupal:drupal:6.16
-
cpe:2.3:a:drupal:drupal:6.17
-
cpe:2.3:a:drupal:drupal:6.18
-
cpe:2.3:a:drupal:drupal:6.19
-
cpe:2.3:a:drupal:drupal:6.2
-
cpe:2.3:a:drupal:drupal:6.20
-
cpe:2.3:a:drupal:drupal:6.21
-
cpe:2.3:a:drupal:drupal:6.22
-
cpe:2.3:a:drupal:drupal:6.23
-
cpe:2.3:a:drupal:drupal:7.0
-
cpe:2.3:a:drupal:drupal:7.1
-
cpe:2.3:a:drupal:drupal:7.10
-
cpe:2.3:a:drupal:drupal:7.2
-
cpe:2.3:a:drupal:drupal:7.3
-
cpe:2.3:a:drupal:drupal:7.4
-
cpe:2.3:a:drupal:drupal:7.5
-
cpe:2.3:a:drupal:drupal:7.6
-
cpe:2.3:a:drupal:drupal:7.7
-
cpe:2.3:a:drupal:drupal:7.8
-
cpe:2.3:a:drupal:drupal:7.9
-
cpe:2.3:a:drupal:drupal:7.x
-
cpe:2.3:a:drupal:drupal:7.x-dev