Vulnerability Details : CVE-2012-2922

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.

Vulnerability category: Information leak

Published 2012-05-21 22:55:01

Updated 2017-08-29 01:31:46

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-2922

Probability of exploitation activity in the next 30 days: 0.73%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2922

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2922

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2922

http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html
http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074

mandriva.com

CVEs referencing this url
http://www.securityfocus.com/bid/53454

Drupal Core Path Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/75531

Drupal index.php path disclsoure CVE-2012-2922 Vulnerability Report
http://www.openwall.com/lists/oss-security/2012/08/02/8

oss-security - Re: CVE Request for Drupal contributed modules
http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html

Exploit

Products affected by CVE-2012-2922

Drupal » Drupal
Versions up to, including, (<=) 7.14
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0
cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.1
cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.2
cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.10
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.3
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.1
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha7
cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha2
cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0
cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.12
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.18
cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC3
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.16
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC2
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta3
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.3
cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.20
cpe:2.3:a:drupal:drupal:5.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.19
cpe:2.3:a:drupal:drupal:5.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.13
cpe:2.3:a:drupal:drupal:5.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.17
cpe:2.3:a:drupal:drupal:5.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.5
cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0 Update RC1
cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.8
cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.7
cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.6
cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.5
cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.4
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha6
cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha5
cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha4
cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha3
cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.2
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.10
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.9
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.1
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC1
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.11
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.3
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.12
cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.11
cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.21
cpe:2.3:a:drupal:drupal:5.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0 Update DEV
cpe:2.3:a:drupal:drupal:5.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.22
cpe:2.3:a:drupal:drupal:5.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.8
cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update DEV
cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.6
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.7
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.5
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.14
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.13
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC4
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta2
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.15
cpe:2.3:a:drupal:drupal:5.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.14
cpe:2.3:a:drupal:drupal:5.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.16
cpe:2.3:a:drupal:drupal:5.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0 Update RC2
cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.10
cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0 Update Beta1
cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.0 Update Beta2
cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.11
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.9
cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.2
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha1
cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.15
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.8
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.17
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update DEV
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta4
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.4
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta1
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.7
cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.23
cpe:2.3:a:drupal:drupal:5.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.18
cpe:2.3:a:drupal:drupal:5.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.4
cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.9
cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 5.6
cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.12
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
Matching versions