CVE-2012-1645

https://notcve.org/view.php?id=CVE-2012-1645

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. El módulo CDN v6.x-2.2 y v7.x-2.2 para Drupal, cuando está en ejecución en modo Origin Pull con la opción "Far Future expiration" habilitada, permite a atacantes remotos leer ficheros PHP de su elección a través de vectores no especificados, como se ha demostrado leyendo settings.php. • http://drupal.org/node/1441480 http://drupal.org/node/1441482 http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff http://drupalcode.org/project/cdn.git/commitdiff/eca85e6 http://secunia.com/advisories/48032 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79317 https://drupal.org/node/1441502 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •