Secunia
Login
|
|
CVE Reference: CVE-2007-6752 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-6752 |
|
|
Description: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off." |
|
|
CVE Status: Candidate |
|
|
References: MISC http://drupal.org/node/144538 http://groups.drupal.org/node/216314 http://ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html http://packetstormsecurity.org/files/110404/drupal712-xsrf.txt EXPLOIT-DB http://www.exploit-db.com/exploits/18564/ |
|
| Return to the previous page. |
