Description

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Remediation

References

CVE-2012-0825

Related Vulnerabilities

Apache httpd remote denial of service

PostgreSQL Improper Authentication Vulnerability (CVE-2009-3231)

MySQL CVE-2014-2431 Vulnerability (CVE-2014-2431)

Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6497)

WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.1)

Severity

Medium

Classification

CVE-2012-0825 CWE-200

Tags

Missing Update Known Vulnerabilities