Description

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Remediation

References

CVE-2012-0825

Related Vulnerabilities

Apache Traffic Server HTTP Request Smuggling Vulnerability (CVE-2020-17509 )

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Unspecified Vulnerability (6.0.7)

WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.19)

Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358)

Severity

Medium

Classification

CVE-2012-0825 CWE-200

Tags

Missing Update Known Vulnerabilities