NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-3744

Summary	Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
Summary	Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Drupal 5.x versiones anteriores a 5.10 y 6.x versiones anteriores a 6.4 permiten a atacantes remotos (1) añadir o (2) borrar reglas de acceso de usuarios como administradores a través de una URL sin especificar.
Publication Date	Aug. 28, 2008, 12:21 a.m.
Registration Date	Jan. 29, 2021, 1:41 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	5.8
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:drupal:drupal:5.0:::::::*
cpe:2.3:a:drupal:drupal:5.1:::::::*
cpe:2.3:a:drupal:drupal:5.2:::::::*
cpe:2.3:a:drupal:drupal:5.3:::::::*
cpe:2.3:a:drupal:drupal:5.4:::::::*
cpe:2.3:a:drupal:drupal:5.5:::::::*
cpe:2.3:a:drupal:drupal:5.6:::::::*
cpe:2.3:a:drupal:drupal:5.7:::::::*
cpe:2.3:a:drupal:drupal:5.8:::::::*
cpe:2.3:a:drupal:drupal:5.9:::::::*
cpe:2.3:a:drupal:drupal:6.0:::::::*
cpe:2.3:a:drupal:drupal:6.1:::::::*
cpe:2.3:a:drupal:drupal:6.2:::::::*
cpe:2.3:a:drupal:drupal:6.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://drupal.org/node/295053	cve@mitre.org
2	http://secunia.com/advisories/31462	cve@mitre.org
3	http://secunia.com/advisories/31825	cve@mitre.org
4	http://www.securityfocus.com/bid/30689	cve@mitre.org
5	http://www.vupen.com/english/advisories/2008/2392	cve@mitre.org
6	https://bugzilla.redhat.com/show_bug.cgi?id=459108	cve@mitre.org
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/44448	cve@mitre.org
8	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html	cve@mitre.org
9	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html	cve@mitre.org
10	http://drupal.org/node/295053	af854a3a-2127-422b-91ae-364da2661108
11	http://secunia.com/advisories/31462	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/31825	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/bid/30689	af854a3a-2127-422b-91ae-364da2661108
14	http://www.vupen.com/english/advisories/2008/2392	af854a3a-2127-422b-91ae-364da2661108
15	https://bugzilla.redhat.com/show_bug.cgi?id=459108	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/44448	af854a3a-2127-422b-91ae-364da2661108
17	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html	af854a3a-2127-422b-91ae-364da2661108
18	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html