// For flags

CVE-2012-1591

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

El módulo image en Drupal v7.x antes de v7.14, no comprueba correctamente los permisos cuando se almacenan en caché los estilos de imágenes derivados de imágenes privadas, lo que permite a atacantes remotos leer estilos particulares de imagen.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-03-12 CVE Reserved
  • 2012-05-03 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha4
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha5
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha6
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
alpha7
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
beta3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
dev
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc1
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc2
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc3
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.0
Search vendor "Drupal" for product "Drupal" and version "7.0"
rc4
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.1
Search vendor "Drupal" for product "Drupal" and version "7.1"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.2
Search vendor "Drupal" for product "Drupal" and version "7.2"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.3
Search vendor "Drupal" for product "Drupal" and version "7.3"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.4
Search vendor "Drupal" for product "Drupal" and version "7.4"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.5
Search vendor "Drupal" for product "Drupal" and version "7.5"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.6
Search vendor "Drupal" for product "Drupal" and version "7.6"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.7
Search vendor "Drupal" for product "Drupal" and version "7.7"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.8
Search vendor "Drupal" for product "Drupal" and version "7.8"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.9
Search vendor "Drupal" for product "Drupal" and version "7.9"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.10
Search vendor "Drupal" for product "Drupal" and version "7.10"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.11
Search vendor "Drupal" for product "Drupal" and version "7.11"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.12
Search vendor "Drupal" for product "Drupal" and version "7.12"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.13
Search vendor "Drupal" for product "Drupal" and version "7.13"
-
Affected
Drupal
Search vendor "Drupal"
Drupal
Search vendor "Drupal" for product "Drupal"
7.x-dev
Search vendor "Drupal" for product "Drupal" and version "7.x-dev"
-
Affected