CVE-2009-3122

The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/560298	Vendor Advisory
http://secunia.com/advisories/36497	Vendor Advisory
http://www.osvdb.org/57435
http://www.securityfocus.com/bid/36165
http://www.vupen.com/english/advisories/2009/2452	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52818

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:chris_shattuck:ajaxtable:5.x-1.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-09 22:30

Updated : 2017-08-17 01:31

NVD link : CVE-2009-3122

Mitre link : CVE-2009-3122

CVE.ORG link : CVE-2009-3122

JSON object : View

Products Affected

chris_shattuck

ajaxtable

drupal

drupal

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-3122", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-09T22:30:00.453", "references": [{"url": "http://drupal.org/node/560298", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36497", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/57435", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36165", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2452", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52818", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo Ajax Table v5.x para Drupal, no realiza un control de acceso, lo que permite a atacantes remotos eliminar archivos y nodos de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-17T01:31:02.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chris_shattuck:ajaxtable:5.x-1.x-dev:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67343C11-7314-4634-9B31-E5D4EFFC08B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}