Access bypass in Drupal - CVE-2011-2687
Published: September 15, 2016 / Updated: September 16, 2016
Vulnerability identifier: #VU479
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-2687
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to gain unrestricted access to private files.
The weakness exists when private files are used in combination with a node access module, which allows a malicious user to obtain private information.
Successful exploitation of the vulnerability results in unlimited access to private data.
How to mitigate CVE-2011-2687
Update to 7.1.
https://www.drupal.org/node/1168910
Update to 7.2.
https://www.drupal.org/node/1168946