製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

Drupal 用 CDN モジュールにおける任意の PHP ファイルを読まれる脆弱性

Title	Drupal 用 CDN モジュールにおける任意の PHP ファイルを読まれる脆弱性
Summary	Drupal 用 CDN モジュールには、"Far Future expiration" オプションが有効にされている状態で Origin Pull モードが動作する場合に、任意の PHP ファイルを読まれる脆弱性が存在します。
Possible impacts	第三者により、任意の PHP ファイルを読まれる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 15, 2012, midnight
Registration Date	Aug. 31, 2012, 2:57 p.m.
Last Update	Aug. 31, 2012, 2:57 p.m.

CVSS2.0 : 注意
Score	2.6
Vector	AV:N/AC:H/Au:N/C:P/I:N/A:N

Affected System

Wim Leers

CDN 6.x-2.2

CDN 7.x-2.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1645	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1645
National Vulnerability Database (NVD)
2	CVE-2012-1645	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1645

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Drupal
1	cdn 6.x-2.3	http://drupal.org/node/1441482
2	cdn 7.x-2.3	http://drupal.org/node/1441480
3	project/cdn.git / commitdiff / cd2a5ff	http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
4	project/cdn.git / commitdiff / eca85e6	http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
Security advisories
5	DRUPAL-SA-CONTRIB-2012-022	https://drupal.org/node/1441502

Change Log

No	Changed Details	Date of change
0	[2012年08月31日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1645

Summary	The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
Publication Date	Aug. 29, 2012, 2:55 a.m.
Registration Date	Jan. 28, 2021, 2:56 p.m.
Last Update	Nov. 21, 2024, 10:37 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:wimleers:cdn:6.x-2.2:::::::*
cpe:2.3:a:wimleers:cdn:7.x-2.2:::::::*
execution environment
1	cpe:2.3:a:drupal:drupal:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://drupal.org/node/1441480
2	http://drupal.org/node/1441480
3	http://drupal.org/node/1441482		Patch
4	http://drupal.org/node/1441482		Patch
5	http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff		Patch
6	http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff		Patch
7	http://drupalcode.org/project/cdn.git/commitdiff/eca85e6		Patch
8	http://drupalcode.org/project/cdn.git/commitdiff/eca85e6		Patch
9	http://secunia.com/advisories/48032		Vendor Advisory
10	http://secunia.com/advisories/48032		Vendor Advisory
11	http://www.openwall.com/lists/oss-security/2012/04/07/1
12	http://www.openwall.com/lists/oss-security/2012/04/07/1
13	http://www.osvdb.org/79317
14	http://www.osvdb.org/79317
15	https://drupal.org/node/1441502		Patch Vendor Advisory
16	https://drupal.org/node/1441502		Patch Vendor Advisory

Common Vulnerabilities List