UBUNTU-CVE-2007-6752
- Source
- https://ubuntu.com/security/CVE-2007-6752
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2007/UBUNTU-CVE-2007-6752.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2007-6752
- Upstream
- Published
- 2012-03-28T10:54:00Z
- Modified
- 2025-09-08T16:42:50Z
- Severity
-
- Ubuntu - low
- Summary
- [none]
- Details
-
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.
- References
-
- https://ubuntu.com/security/CVE-2007-6752
- http://www.exploit-db.com/exploits/18564/
- http://packetstormsecurity.org/files/110404/drupal712-xsrf.txt
- http://ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html
- http://groups.drupal.org/node/216314
- http://drupal.org/node/144538
- https://www.cve.org/CVERecord?id=CVE-2007-6752
Affected packages
Ubuntu:Pro:14.04:LTS / drupal7
Package
- Name
- drupal7
- Purl
- pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm3?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.23-1
7.24-1
7.24-2
7.26-1
7.26-1ubuntu0.1
7.26-1ubuntu0.1+esm1
7.26-1ubuntu0.1+esm2
7.26-1ubuntu0.1+esm3