{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "47851", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47851"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1425150"}, {"name": "51826", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51826"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1423722"}, {"name": "drupal-multiple-blocks-security-bypass(72920)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"}, {"name": "78817", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78817"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1056", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47851", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47851"}, {"name": "http://drupal.org/node/1425150", "refsource": "CONFIRM", "url": "http://drupal.org/node/1425150"}, {"name": "51826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51826"}, {"name": "http://drupal.org/node/1423722", "refsource": "CONFIRM", "url": "http://drupal.org/node/1423722"}, {"name": "drupal-multiple-blocks-security-bypass(72920)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"}, {"name": "78817", "refsource": "OSVDB", "url": "http://osvdb.org/78817"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:26.881Z"}, "title": "CVE Program Container", "references": [{"name": "47851", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47851"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1425150"}, {"name": "51826", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51826"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1423722"}, {"name": "drupal-multiple-blocks-security-bypass(72920)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"}, {"name": "78817", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78817"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1056", "datePublished": "2012-02-14T00:00:00", "dateReserved": "2012-02-13T00:00:00", "dateUpdated": "2024-08-06T18:45:26.881Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*", "matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*", "matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*", "matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*", "matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*", "matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal no aplica correctamente los permisos para (1) reenv\u00edos 'Recent' (2) enviado 'Most', o (3) bloques 'Dynamic', lo que permite a atacantes remotos obtener t\u00edtulos de nodos a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-1056", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-02-14T00:55:00.740", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/1423722"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1425150"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/78817"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47851"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51826"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1423722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1425150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72920"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}