CVE-2010-2473

EUVD-2010-2482
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
5.0 ≤
𝑥
< 5.22
drupaldrupal
6.0 ≤
𝑥
< 6.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
hardy
dne
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
dne
Common Weakness Enumeration
References
https://security-tracker.debian.org/tracker/CVE-2010-2473
https://www.drupal.org/node/731710
https://www.openwall.com/lists/oss-security/2010/06/28/8
https://security-tracker.debian.org/tracker/CVE-2010-2473
https://www.drupal.org/node/731710
https://www.openwall.com/lists/oss-security/2010/06/28/8