← voltar
CVE-2012-2296

CVE-2012-2296

EPSS 1.6%
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://drupal.org/node/1515114http://drupal.org/node/1515120http://drupal.org/node/1515282https://exchange.xforce.ibmcloud.com/vulnerabilities/74616http://www.openwall.com/lists/oss-security/2012/04/10/12http://www.openwall.com/lists/oss-security/2012/05/03/1http://www.openwall.com/lists/oss-security/2012/05/03/2