CVE-2012-4554

CVE-2012-4554

EPSS 15.8%

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://drupalcode.org/project/drupal.git/commit/b912710 http://drupal.org/node/1815912 http://www.openwall.com/lists/oss-security/2012/10/29/4 http://www.openwall.com/lists/oss-security/2012/10/30/5