CVE-2009-3654

Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://drupal.org/node/592470	Patch
http://drupal.org/node/592490	Patch Vendor Advisory
http://osvdb.org/58424
http://secunia.com/advisories/36925	Vendor Advisory
http://www.securityfocus.com/bid/36561
https://exchange.xforce.ibmcloud.com/vulnerabilities/53553

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:316solutions:boost::::::::
	cpe:2.3:a:316solutions:boost:6.x-1.0:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0:rc5::::::
	cpe:2.3:a:316solutions:boost:6.x-1.0-alpha1:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-alpha2:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-alpha3:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-alpha4:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-beta1:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-beta2:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-rc1:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-rc2:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-rc3:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-rc4:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.0-rc5:::::::*
	cpe:2.3:a:316solutions:boost:6.x-1.x-dev:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-10-09 14:30

Updated : 2017-08-17 01:31

NVD link : CVE-2009-3654

Mitre link : CVE-2009-3654

CVE.ORG link : CVE-2009-3654

JSON object : View

Products Affected

316solutions

boost

drupal

drupal

CWE

NVD-CWE-Other

{"id": "CVE-2009-3654", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-10-09T14:30:00.577", "references": [{"url": "http://drupal.org/node/592470", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/592490", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/58424", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36925", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36561", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53553", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el m\u00f3dulo de Drupal \"Boost\" antes de v6.x-1.03, permite a atacantes remotos para crear directorios webroot nuevos a trav\u00e9s de vectores de ataque desconocidos."}], "lastModified": "2017-08-17T01:31:13.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:316solutions:boost:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C776FC76-983B-417E-8D2D-9C6030EB828B", "versionEndIncluding": "6.x-1.01"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499F1230-CC5E-4E7C-97DB-5A86D2EB201E"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E733ACBC-95F7-4A9A-B5F6-A2C130FB393E"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-alpha1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CCB8ED0-136E-4A8C-9BD5-56AF647C4255"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-alpha2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC5F2A5-2B28-4568-938B-9F45A65D2090"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-alpha3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6028B533-8FEE-480F-A085-C9A378CF192E"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-alpha4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A56D7F3-D21D-44E7-A199-67F62ECABD52"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4004B5C-1535-4D09-AB6F-10594705A841"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1B5166-B9DF-4084-8177-3EC5FFC53E8C"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E97250B2-5A19-43D0-9480-5DC81CB167F8"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "215CBCF7-243E-4D42-BB4F-095A0D1C8C58"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-rc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11099A30-D191-4031-88D5-5EBB5F8D8263"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-rc4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F0E5BED-0B3F-4BEB-A64E-679C0B8577B1"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.0-rc5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5DA28CF-0CC8-4D1E-8E6A-F3798C4688AC"}, {"criteria": "cpe:2.3:a:316solutions:boost:6.x-1.x-dev:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A83E0181-627C-41B6-8819-95DF2E066355"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}