CVE-2009-3568
 
Severity Score: 5.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
Credits: N/A
Timeline
- 2009-10-06 CVE Reserved
- 2009-10-06 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (6)
URL | Tag | Date |
---|---|---|
http://www.osvdb.org/58177 | Vdb Entry | |
http://www.securityfocus.com/bid/36429 | Vdb Entry | |
http://drupal.org/node/579280 | | 2009-10-08 |
http://drupal.org/node/579290 | | 2009-10-08 |
http://drupal.org/node/579292 | | 2009-10-08 |
http://secunia.com/advisories/36787 | | 2009-10-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dave Reid | Commentrss | 5.x-2.1 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Dave Reid | Commentrss | 6.x-2.1 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-1.0 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-1.1 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-1.2 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-1.x | dev | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-2.0 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 5.x-2.x | dev | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 6.x-1.0 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 6.x-1.1 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 6.x-1.2 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 6.x-2.0 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Gabor Hojtsy | Commentrss | 6.x-2.x | dev | Affected | in | Drupal | Drupal | * | - | Safe |