NVD

Id
43517  
Name
CVE-2012-1645  
Description
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2012-08-28  
Modified Date
2012-08-29  
Seq
2012-1645  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
218712 43517 CVE-2012-1645 http://drupal.org/node/1441480  View
218713 43517 CVE-2012-1645 http://drupal.org/node/1441482  View
218714 43517 CVE-2012-1645 http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff  View
218715 43517 CVE-2012-1645 http://drupalcode.org/project/cdn.git/commitdiff/eca85e6  View
218716 43517 CVE-2012-1645 [oss-security] 20120406 CVE"s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)  View
218717 43517 CVE-2012-1645 https://drupal.org/node/1441502  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28287 JVNDB-2012-003994 Drupal 用 CDN モジュールにおける任意の PHP ファイルを読まれる脆弱性 Drupal 用 CDN モジュールには、"Far Future expiration" オプションが有効にされている状態で Origin Pull モードが動作する場合に、任意の PHP ファイルを読まれる脆弱性が存在します。 CVE-2012-1645 54883 CVE-2012-1645 43517 2.6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003994.html 2012-02-15 2012-08-31 View