CVE-2012-1645

N/A Unknown

Published: August 28, 2012 Modified: April 29, 2026

Description

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://drupal.org/node/1441480

Source: secalert@redhat.com

http://drupal.org/node/1441482

Source: secalert@redhat.com

Patch

http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff

Source: secalert@redhat.com

Patch

http://drupalcode.org/project/cdn.git/commitdiff/eca85e6

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/48032

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/04/07/1

Source: secalert@redhat.com

http://www.osvdb.org/79317

Source: secalert@redhat.com

https://drupal.org/node/1441502

Source: secalert@redhat.com

Patch Vendor Advisory

http://drupal.org/node/1441480