CVE-2009-2077 - OpenCVE

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Angrydonuts	Views
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:angrydonuts:views:6.x-2.0:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha1::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha2::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha3::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha4::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha5::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:beta1::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:beta2::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:beta3::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:beta4::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:rc1::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:rc2::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:rc3::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:rc4::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.0:rc5::::::
	cpe:2.3:a:angrydonuts:views:6.x-2.1:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.2:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.3:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.4:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.5:::::::*
	cpe:2.3:a:angrydonuts:views:6.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

References

Link	Resource
http://drupal.org/node/488068	Patch Vendor Advisory
http://drupal.org/node/488082	Patch Vendor Advisory
http://secunia.com/advisories/35425	Vendor Advisory
http://www.securityfocus.com/bid/35304	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:24:05

Updated: 2022-10-03T16:24:05

Reserved: 2022-10-03T00:00:00

Link: CVE-2009-2077

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-06-16T19:30:00.267

Modified: 2009-06-19T04:00:00.000

Link: CVE-2009-2077

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:24:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/488082"}, {"name": "35304", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35304"}, {"name": "35425", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35425"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/488068"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2077", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/488082", "refsource": "CONFIRM", "url": "http://drupal.org/node/488082"}, {"name": "35304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35304"}, {"name": "35425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35425"}, {"name": "http://drupal.org/node/488068", "refsource": "CONFIRM", "url": "http://drupal.org/node/488068"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2077", "datePublished": "2022-10-03T16:24:05", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:24:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "83414EC6-8EB7-4315-8CBD-4A636C2AA221", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "8AB72D39-36A0-45B3-B754-BE0586A70ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "BF66A326-E339-42D3-B930-5F1BBC12EA30", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "F2056B71-0789-4472-B777-E6D0D679ED73", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "9FFE2EA1-46C4-43C2-8C0B-88D8F8459628", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "743C9847-4192-40CD-ADD2-261608E00BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3342C5AC-6693-461D-9170-080AFF29E05F", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "28B8A701-0DC1-4159-8A5C-4B100D1366A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7B69E676-A056-4A03-893C-82F9648C6AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "344B872A-6B72-45DA-A0D3-ED04EBF40AC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D2B1D17D-B06B-4801-AEBA-98B782AE18E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D11D3B74-4D1D-46A1-8EF3-C9CEA3E47C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F567110E-A23C-42E8-9B76-1E872FCDC147", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "47415DF9-80EB-4ACE-87A2-9B1FA4D3E772", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9F8DE5A9-38B3-4696-A141-D300FF68291B", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "48806155-F591-49A7-8258-31E8B7E917D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B376B96-3A17-446B-80AC-A6408120D950", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B36D36B-9EA4-441C-813C-8D99405B5F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "457E23F8-7961-410D-8E8A-030116889002", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.5:*:*:*:*:*:*:*", "matchCriteriaId": "50F929B4-BBDA-4E83-98BF-A8F3650A7445", "vulnerable": true}, {"criteria": "cpe:2.3:a:angrydonuts:views:6.x-2.x:dev:*:*:*:*:*:*", "matchCriteriaId": "9809F86C-3887-4922-9203-DB0CAAC03D03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries."}, {"lang": "es", "value": "Drupal v6.x anteriores a v6.x-2.6, un modulo de Drupal, permite a usuarios autenticados evitar las restricciones de acceso y (1) leer contenido sin publicar de usuarios an\u00f3nimos cuando una vista esta configurada para mostrar contenido, y (2) leer contenido privado en peticiones generadas."}], "id": "CVE-2009-2077", "lastModified": "2009-06-19T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-16T19:30:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/488068"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/488082"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35425"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35304"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}