CVE-2008-3743

{"id": "CVE-2008-3743", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-08-27T15:21:00.000", "references": [{"url": "http://drupal.org/node/295053", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31462", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31825", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30689", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2392", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459108", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44453", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/295053", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31462", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31825", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30689", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2392", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459108", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44453", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en forms de Drupal 6.x antes de 6.4 permiten a atacantes remotos realizar acciones no especificadas mediante vectores desconocidos, relacionados a validaciones de testigo (token) incorrectas para (1) cached forms y (2) forms con elementos AHAH."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFE07AAD-9207-4C5F-A108-7F7753E4F48C"}, {"criteria": "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D8F291-CBEB-4EAA-9388-F63066A2DFA0"}, {"criteria": "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0BD5AEC-F20E-4E53-AF3F-2C60BA2D2171"}, {"criteria": "cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D76BC5-0409-4D78-8064-A78B923E9167"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}