CVE-2012-5556

Drupal RESTWS <7.x-1.1, <7.x-2.0-alpha3 - CSRF

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/node/1840740
Patch x_refsource_confirm
http://drupal.org/node/1840722
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/20/4
Patch x_refsource_confirm
http://drupal.org/node/1840728

Scores

EPSS 0.0064
EPSS Percentile 46.5%

Details

CWE
CWE-352
Status published
Products (4)
restful_web_services_project/restful_web_services 7.x-1.0 (3 CPE variants)
restful_web_services_project/restful_web_services 7.x-1.x dev
restful_web_services_project/restful_web_services 7.x-2.0 alpha1 (2 CPE variants)
restful_web_services_project/restful_web_services 7.x-2.x dev
Published Dec 03, 2012
Tracked Since Feb 18, 2026