Candidate: CVE-2012-0825
PublicDate: 2013-10-28 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825
 http://drupal.org/node/1425084
Description:
 Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute
 Exchange (AX) information is signed, which allows remote attackers to
 modify potentially sensitive AX information without detection via a
 man-in-the-middle (MITM) attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Rui Wang, Shuo Chen and Xiao Feng
Assigned-to:
CVSS:

Patches_drupal6:
upstream_drupal6: released (6.23)
hardy_drupal6: DNE
lucid_drupal6: ignored (reached end-of-life)
maverick_drupal6: ignored (reached end-of-life)
natty_drupal6: ignored (reached end-of-life)
oneiric_drupal6: ignored (reached end-of-life)
precise_drupal6: ignored (reached end-of-life)
precise/esm_drupal6: DNE (precise was needed)
quantal_drupal6: not-affected (6.26-1.1ubuntu1)
raring_drupal6: not-affected (6.26-1.1ubuntu1)
saucy_drupal6: DNE
trusty_drupal6: DNE
trusty/esm_drupal6: DNE
utopic_drupal6: DNE
vivid_drupal6: DNE
vivid/stable-phone-overlay_drupal6: DNE
vivid/ubuntu-core_drupal6: DNE
wily_drupal6: DNE
xenial_drupal6: DNE
yakkety_drupal6: DNE
zesty_drupal6: DNE
devel_drupal6: DNE

Patches_drupal7:
upstream_drupal7: released (7.11)
hardy_drupal7: DNE
lucid_drupal7: DNE
maverick_drupal7: DNE
natty_drupal7: DNE
oneiric_drupal7: DNE
precise_drupal7: not-affected (7.12-1)
precise/esm_drupal7: DNE (precise was not-affected [7.12-1])
quantal_drupal7: not-affected (7.14-1)
raring_drupal7: not-affected (7.14-1)
saucy_drupal7: not-affected (7.14-1)
trusty_drupal7: not-affected (7.14-1)
trusty/esm_drupal7: DNE (trusty was not-affected [7.14-1])
utopic_drupal7: not-affected (7.14-1)
vivid_drupal7: not-affected (7.14-1)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: not-affected (7.14-1)
xenial_drupal7: not-affected (7.14-1)
yakkety_drupal7: not-affected (7.14-1)
zesty_drupal7: not-affected (7.14-1)
devel_drupal7: not-affected (7.14-1)