Description

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Remediation

References

CVE-2012-0825

Related Vulnerabilities

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4432)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2012-0876)

Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1904)

WordPress Plugin WP GDPR Multiple Vulnerabilities (2.1.1)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4572)

Severity

Medium

Classification

CVE-2012-0825 CWE-200

Tags

Missing Update Known Vulnerabilities