Test ID: 1.3.6.1.4.1.25623.1.0.702804
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2804-1 (drupal7 - several vulnerabilities)
Description:
Summary:
Multiple vulnerabilities have been discovered in Drupal, a fully-featured
content management framework: Cross-site request forgery, insecure
pseudo random number generation, code execution, incorrect security token
validation and cross-site scripting.

In order to avoid the remote code execution vulnerability, it is
recommended to create a .htaccess file (or an equivalent configuration
directive in case you are not using Apache to serve your Drupal sites)
in each of your sites' files directories (both public and private, in
case you have both configured).

Please refer to the NEWS file provided with this update and the upstream
advisory at drupal.org/SA-CORE-2013-003
for further information.

Affected Software/OS:
drupal7 on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 7.14-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 7.24-1.

We recommend that you upgrade your drupal7 packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-6387
Debian Security Information: DSA-2804
http://www.debian.org/security/2013/dsa-2804
http://www.openwall.com/lists/oss-security/2013/11/22/4
Common Vulnerability Exposure (CVE) ID: CVE-2013-6386
Debian Security Information: DSA-2828
http://www.debian.org/security/2013/dsa-2828
http://secunia.com/advisories/56148
Common Vulnerability Exposure (CVE) ID: CVE-2013-6385
Common Vulnerability Exposure (CVE) ID: CVE-2013-6389
Common Vulnerability Exposure (CVE) ID: CVE-2013-6388

Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

© 1998-2020 E-Soft Inc. All rights reserved.