Description
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-2776-1 | drupal6 security update |
EUVD |
EUVD-2012-0851 | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T18:38:14.857Z
Reserved: 2012-01-19T00:00:00.000Z
Link: CVE-2012-0825
No data.
Status : Modified
Published: 2013-10-28T22:55:03.383
Modified: 2026-06-16T23:38:20.133
Link: CVE-2012-0825
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Debian DSA
EUVD