Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2922 to the following vulnerability: Name: CVE-2012-2922 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2922 Assigned: 20120521 Reference: BUGTRAQ:20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability Reference: http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html Reference: BUGTRAQ:20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability (Update) Reference: http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html Reference: BUGTRAQ:20120510 Re: Drupal 7.14 <= Full Path Disclosure Vulnerability Reference: http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html Reference: http://www.securityfocus.com/bid/53454 Reference: SECUNIA:49131 Reference: http://secunia.com/advisories/49131 The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Created drupal7 tracking bugs for this issue Affects: fedora-all [bug 824631] Affects: epel-all [bug 824632]