Description
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Remediation
References