
Test ID: 1.3.6.1.4.1.25623.1.0.59820
Category: Fedora Local Security Checks
Title: Fedora Core 7 FEDORA-2007-2649 (drupal)
Summary: NOSUMMARY
Description:

The remote host is missing an update to drupal
announced via advisory FEDORA-2007-2649.

Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.

Update Information:

- Upgrade to 5.3, fixes:
- HTTP response splitting.
- Arbitrary code execution.
- Cross-site scripting.
- Cross-site request forgery.
- Access bypass.

Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script.
References:

[ 1 ] CVE-2007-5593
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5593
[ 2 ] CVE-2007-5594
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5594
[ 3 ] CVE-2007-5595
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5595
[ 4 ] CVE-2007-5596
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5596
[ 5 ] CVE-2007-5597
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5597
Updated packages:

41c95f8bb4ba179a7307a6fc62cf37bb95924371 drupal-5.3-1.fc7.noarch.rpm
f5cf193c22cec390c1165dcf75ac6f2c378afce9 drupal-5.3-1.fc7.src.rpm

This update can be installed with the yum update program. Use
su -c 'yum update drupal'
at the command line. For more information, refer to Managing Software
with yum, available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2649

Risk factor : High

CVSS Score: 6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5593
BugTraq ID: 26119
http://www.securityfocus.com/bid/26119
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html
http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch
http://osvdb.org/39648
http://secunia.com/advisories/27290
http://secunia.com/advisories/27352
XForce ISS Database: drupal-installer-code-execution(37265)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37265
Common Vulnerability Exposure (CVE) ID: CVE-2007-5594
XForce ISS Database: drupal-http-request-csrf(37268)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37268
Common Vulnerability Exposure (CVE) ID: CVE-2007-5595
http://secunia.com/advisories/27292
http://www.vupen.com/english/advisories/2007/3546
XForce ISS Database: drupal-unspecified-response-splitting(37264)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37264
Common Vulnerability Exposure (CVE) ID: CVE-2007-5596
XForce ISS Database: drupal-uploadmodule-xss(37274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37274
Common Vulnerability Exposure (CVE) ID: CVE-2007-5597
XForce ISS Database: drupal-api-information-disclosure(37296)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37296
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.