CVE-2009-1507 : The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.

Published 2009-05-01 17:30:01

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-1507

Drupal » Nodeaccess Userreference » Version: 5.x-1.3
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-1.0
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-2.0 Update Beta4
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta4:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-2.0 Update Beta3
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta3:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.1
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.0
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-1.1
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-1.2
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-2.0 Update Beta1
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-2.0 Update Beta5
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta5:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.4
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.2
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-1.4
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-2.0 Update Beta1
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta1:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-2.0 Update Beta2
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-2.0:beta2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.7
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.7:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-2.0 Update Beta2
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta2:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 5.x-2.0 Update Beta3
cpe:2.3:a:drupal:nodeaccess_userreference:5.x-2.0:beta3:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.6
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.6:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal
Drupal » Nodeaccess Userreference » Version: 6.x-1.5
cpe:2.3:a:drupal:nodeaccess_userreference:6.x-1.5:*:*:*:*:*:*:*
Matching versions
When used together with: Drupal » Drupal

Exploit prediction scoring system (EPSS) score for CVE-2009-1507

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1507

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-1507

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1507

http://secunia.com/advisories/34955

Vendor Advisory
http://www.vupen.com/english/advisories/2009/1212
http://www.securityfocus.com/bid/34778

Patch
http://drupal.org/node/449030

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2009-1507

Products affected by CVE-2009-1507

Exploit prediction scoring system (EPSS) score for CVE-2009-1507

CVSS scores for CVE-2009-1507

CWE ids for CVE-2009-1507

References for CVE-2009-1507