Description

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Remediation

References

CVE-2012-0825

Related Vulnerabilities

Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2968)

PHP Numeric Errors Vulnerability (CVE-2016-10158)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (2.3.5)

WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)

WordPress Plugin Post video players, slideshow albums, photo galleries and music/podcast playlist Cross-Site Scripting (1.136)

Severity

Medium

Classification

CVE-2012-0825 CWE-200

Tags

Missing Update Known Vulnerabilities