CVE-2011-2687

Published Jul 27, 2011

Last updated 9 years ago

CVSS info 7.5

Overview

Description: Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48C33CAB-4633-418C-B162-20A2EC24E8DD"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC3B1750-17AD-4386-B6EE-1AFC9CDFB6C4"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E0C1873-22A6-4CE9-853D-2A40BD3D9E62"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F6DF608-0DA2-455F-AD28-7BE4A7548E48"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BCC306D-EB5D-4784-B0B1-B4F9370796F7"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5639A5F3-CD18-451C-BA5A-3336C42BED83"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B0A10CA-F59E-48AC-97E9-8476F63BAEDB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B7917C-5934-4AFF-B3DB-BE9B099B27FB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16731B53-3CD1-4B98-947B-7621162D8DB3"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD738402-A50E-4AEB-8F42-607F52DE5540"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "199AC10C-6E65-409B-8658-E26240B27E1B"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B378BEF-B070-4955-A6B3-8F2ACBA96832"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EC9A36-5EDC-4519-802E-BEA69B18800A"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C281EA7-8AE1-4D5A-B03B-B3BE37740195"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "024CF5B1-1875-4785-ACAF-35ECCC7914A5"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F446903-51AC-4FA3-BA90-C2EA59BBDB01"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE86CC5-956E-4F16-BE7B-2B1CAAEB5C40"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0AC1B21-D3BE-4B6A-AE40-8B395E81DD50"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References