CVE-2012-1645
N/A
N/A
Summary
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupal.org/node/1441480
- http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
- http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- https://drupal.org/node/1441502
- http://www.osvdb.org/79317
- http://secunia.com/advisories/48032
- http://drupal.org/node/1441482
References
- http://drupal.org/node/1441480
- http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
- http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- https://drupal.org/node/1441502
- http://www.osvdb.org/79317
- http://secunia.com/advisories/48032
- http://drupal.org/node/1441482
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.