Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request for Drupal contributed modules
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Aug 2013 10:27:09 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/11/2013 10:06 PM, Forest Monsen wrote:
Good, thanks Henri.


On Sat, Aug 10, 2013 at 12:38 AM, Henri Salo <henri () nerv fi>
wrote:

On Fri, Aug 09, 2013 at 10:02:59PM -0600, Kurt Seifried wrote:
On 08/09/2013 05:29 PM, Forest Monsen wrote:
Hi there,

I'd like to request CVE identifiers for...

SA-CONTRIB-2013-061 - Flippy - Access Bypass 
https://drupal.org/node/2054701

SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access 
Bypass https://drupal.org/node/2059603

SA-CONTRIB-2013-063 - Authenticated User Page Caching
(Authcache) - Information Disclosure
https://drupal.org/node/2059589

SA-CONTRIB-2013-064 - Persona - Cross site request forgery
(CSRF) https://drupal.org/node/2059599

SA-CONTRIB-2013-065 - Organic Groups - Access Bypass 
https://drupal.org/node/2059765

SA-CONTRIB-2013-066 - Monster Menus - Multiple
Vulnerabilities (Looks like two here: XSS, and an Access
Bypass vuln) https://drupal.org/node/2059823

Thanks!

Best, Forest


Yup

CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass

CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services
(RESTWS) - Access Bypass

CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page
Caching (Authcache) -Information Disclosure

CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site
request forgery (CSRF)

CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access
Bypass

CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS

CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access
Bypass

CVE-2013-4187 has been assigned already for
SA-CONTRIB-2013-061[1]. CVE-2013-4224 should be REJECTED if I am
correct, thanks.

1: http://www.openwall.com/lists/oss-security/2013/08/01/1

--- Henri Salo



Thanks all for catching it. Please REJECT CVE-2013-4224, use the
originally assigned CVE-2013-4187 please.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSCQzdAAoJEBYNRVNeJnmTDGoP/0rbe9yEUlqBXeBXNAem/3C4
CF7tKsx+EDTHegRWtFZgmiRqNWzCJfLoWGLO79Klu5HT/pmmnHX6ESMdFJqcjlDV
CmNSU8di/K8JJdZGIgAwp3JyEiIRlRVnMwKy/AeintaiPRGxl5qSy3N4qVWwdUz/
Zn3ss5wjNDyPrq106wTtbFY+BiKprR5RvIx+bBMXmP0D6sqEuXb73laWnv9nRPgz
HoYL65aoEGVWZq3SIyKVF5lNaIPZhKbHSyXp1cmO0sy29aPwl1hjJTvoimyTUBka
5CRmUAg25NR/GJdP8GYMCQiU/Az8Lu3UVrxzgRyzZYjpVcoD3l/icdJqs/PiD/TW
w/85sWoIbSoZX9ZaHQFc0rzj3NiGVxKi2x/2FUBouFgf7Vxlfn/dva5oLiPNdQgL
ADCW92Pbgp4Bk3N0YH++f1vrhYzZ+W6D4wQgaFhH0nqXv7LfjDsXnSfHV0kid83+
qGi8FCA8+N88gfwBzQfpnIq9nsWanuOQO9BMdgFZXKEFxSsYnWGNLx5UWL444x7F
ojka3OHBc8A+/i+Ty+g5qXhL7wWrCAgo6UYLMZ4hXIJjNlLeO9lpLNe+dAQ+y6Jm
pBEUgiLoYBHSmtpavQv2UVmkfKcwXoY+7+NO5Z/4kQUAZBKCGSNKIz4oIS0KXmK+
zTkz+Hb03mnBrR/LOndZ
=8/DX
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault