Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

Oracle Database Server Improper Authentication Vulnerability (CVE-2012-3137)

WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5)

Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-1134)

WordPress Plugin Geo Mashup Unspecified Vulnerability (1.10.3)

PHP Improper Input Validation Vulnerability (CVE-2014-3480)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities