NVD Vulnerability Detail

CVE-2010-0752

Summary	The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors.
Publication Date	Feb. 27, 2010, 9:30 a.m.
Registration Date	Jan. 29, 2021, 10:57 a.m.
Last Update	Aug. 17, 2017, 10:32 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:earl_dunovant:week:6.x-1.0:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-1.x-dev:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.0:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.1:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.2:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.3:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.4:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.5:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.6:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.x-dev:::::::*
execution environment
1	cpe:2.3:a:drupal:drupal::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://drupal.org/node/723776	CONFIRM	Patch
2	http://drupal.org/node/724286	CONFIRM	Patch Vendor Advisory
3	http://osvdb.org/62565	OSVDB
4	http://secunia.com/advisories/38717	SECUNIA	Vendor Advisory
5	http://www.securityfocus.com/bid/38397	BID
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/56504	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Drupal 用 Node Type モジュールの week_post_page 関数におけるノード一覧を読み取られる脆弱性

Title	Drupal 用 Node Type モジュールの week_post_page 関数におけるノード一覧を読み取られる脆弱性
Summary	Drupal 用の Node Type モジュールの Weekly Archive の week_post_page 関数は、SQL クエリを構成する際、ノードアクセス制限を適切に実装しないため、ノード一覧を読み取られる脆弱性が存在します。
Possible impacts	第三者により、ノード一覧を読み取られる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 24, 2010, midnight
Registration Date	June 26, 2012, 4:19 p.m.
Last Update	June 26, 2012, 4:19 p.m.

Affected System

Drupal

Earl Dunovant

week 6.x-2.7 未満の 6.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0752	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0752
National Vulnerability Database (NVD)
2	CVE-2010-0752	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0752

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Drupal
1	SA-CONTRIB-2010-019	http://drupal.org/node/724286

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:earl_dunovant:week:6.x-1.0:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-1.x-dev:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.0:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.1:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.2:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.3:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.4:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.5:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.6:::::::*
cpe:2.3:a:earl_dunovant:week:6.x-2.x-dev:::::::*
execution environment
1	cpe:2.3:a:drupal:drupal::::::::