CVE-2010-2473

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
drupaldrupal
5.0 ≤
𝑥
< 5.22
drupaldrupal
6.0 ≤
𝑥
< 6.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
saucy
dne
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
https://security-tracker.debian.org/tracker/CVE-2010-2473
https://www.drupal.org/node/731710
https://www.openwall.com/lists/oss-security/2010/06/28/8
https://security-tracker.debian.org/tracker/CVE-2010-2473
https://www.drupal.org/node/731710
https://www.openwall.com/lists/oss-security/2010/06/28/8