CVE-2012-5556
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en el módulo ESTful Web Services (RESTWS) v7.x-1.x antes de v7.x-1.1 y v7.x-2.x antes de v7.x-2.0-alpha3 para Drupal, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios a través de vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-03 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/11/20/4 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1840722 | 2020-02-26 | |
| http://drupal.org/node/1840728 | 2020-02-26 | |
| http://drupal.org/node/1840740 | 2020-02-26 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-1.0 Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-1.0 Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-1.0" | beta1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-1.0 Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-1.0" | beta2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-1.x Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-2.0 Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-2.0" | alpha1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-2.0 Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-2.0" | alpha2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Restful Web Services Project Search vendor "Restful Web Services Project" | Restful Web Services Search vendor "Restful Web Services Project" for product "Restful Web Services" | 7.x-2.x Search vendor "Restful Web Services Project" for product "Restful Web Services" and version "7.x-2.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|