CVE-2013-4272 - OpenCVE

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Botcha Spam Prevention Project	Botcha
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.0:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.1:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.2:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.3:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.4:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.5:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.x:dev::::::
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-2.0:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-2.x:dev::::::
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.0:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.1:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.2:::::::*
	cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/08/22/2
https://drupal.org/node/2064781	Patch
https://drupal.org/node/2064783
https://drupal.org/node/2064785	Patch
https://drupal.org/node/2065057	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:14:58

Updated: 2022-10-03T16:14:58

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-4272

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-08-28T22:55:05.763

Modified: 2013-09-05T15:41:25.370

Link: CVE-2013-4272

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2064785"}, {"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2064783"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2065057"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2064781"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4272", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2064785", "refsource": "CONFIRM", "url": "https://drupal.org/node/2064785"}, {"name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"}, {"name": "https://drupal.org/node/2064783", "refsource": "CONFIRM", "url": "https://drupal.org/node/2064783"}, {"name": "https://drupal.org/node/2065057", "refsource": "MISC", "url": "https://drupal.org/node/2065057"}, {"name": "https://drupal.org/node/2064781", "refsource": "CONFIRM", "url": "https://drupal.org/node/2064781"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4272", "datePublished": "2022-10-03T16:14:58", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "20D6AC7B-48E7-4E61-87A0-56B30B5E79C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "835D442D-8D23-4A47-9695-51B224B0E8E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2EF34CF-72AB-46D7-8537-FC5A8E73F7BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D94F69C-447A-4352-983D-7C0EF8778F1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B660402-B945-41FD-B821-6BBA332E4585", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "96668E48-2D12-4FC8-85B4-607E429DE328", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "4C337A5E-BB87-4BB8-B52A-1225FDCE07E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8889659A-063E-4148-8CF5-0799DE923766", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-2.x:dev:*:*:*:*:*:*", "matchCriteriaId": "378D5013-6326-400F-B174-F47B9F33A0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E0FB36A-37B6-41C9-9263-7D3E37AC260E", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "80BDF06F-901A-47E3-BC24-71E287E12405", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C3CC7B7-109A-4F06-8DCC-B5DF7E9184FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:botcha_spam_prevention_project:botcha:7.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "E8594107-7728-4D2D-A85E-358D960843E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file."}, {"lang": "es", "value": "El m\u00f3dulo BOTCHA Spam Prevention v7.x-1.x anterior a v7.x-1.6, v7.x-2.x anterior a v7.x-2.1, y v7.x-3.x anterior a v7.x-3.3 para Drupal, cuando el nivel de depuraci\u00f3n se establece en 5 o 6, registra el contenido de los formularios enviados, lo que permite a los usuarios dependientes del contexto obtener informaci\u00f3n confidencial, como nombres de usuario y las contrase\u00f1as mediante la lectura del archivo de registro."}], "id": "CVE-2013-4272", "lastModified": "2013-09-05T15:41:25.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-28T22:55:05.763", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2064781"}, {"source": "secalert@redhat.com", "url": "https://drupal.org/node/2064783"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2064785"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2065057"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}