CVE-2012-1645

Name of the Vulnerable Software and Affected Versions CDN module versions 6.x-2.2 and 7.x-2.2 for Drupal

Description The issue allows remote attackers to read arbitrary PHP files via unspecified vectors when the CDN module is running in Origin Pull mode with the "Far Future expiration" option enabled. This is demonstrated by the ability to read settings.php.

Recommendations For CDN module version 6.x-2.2, consider disabling the Origin Pull mode or the "Far Future expiration" option as a temporary workaround until a patch is available. For CDN module version 7.x-2.2, consider disabling the Origin Pull mode or the "Far Future expiration" option as a temporary workaround until a patch is available.