CVE-2012-1645

EUVD-2012-1655
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
wimleerscdn
6.x-2.2:x
wimleerscdn
7.x-2.2:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1441480
http://drupal.org/node/1441482
http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
http://secunia.com/advisories/48032
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79317
https://drupal.org/node/1441502
http://drupal.org/node/1441480
http://drupal.org/node/1441482
http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff
http://drupalcode.org/project/cdn.git/commitdiff/eca85e6
http://secunia.com/advisories/48032
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79317
https://drupal.org/node/1441502