CVE-2012-1645

CDN module 6.x-2.2 and 7.x-2.2 for Drupal - Unauthenticated Arbitrary File Read via Origin Pull Mode

Title source: llm
STIX 2.1

Description

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

References (8)

Core 8
Core References
Various Sources x_refsource_confirm
http://drupal.org/node/1441480
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/07/1
Patch, Vendor Advisory x_refsource_misc
https://drupal.org/node/1441502
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/79317
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48032
Patch x_refsource_confirm
http://drupal.org/node/1441482

Scores

EPSS 0.0140
EPSS Percentile 69.3%

Details

CWE
CWE-200
Status published
Products (2)
wimleers/cdn 6.x-2.2
wimleers/cdn 7.x-2.2
Published Aug 28, 2012
Tracked Since Feb 18, 2026