Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800123
Category:Web application abuses
Title:Drupal Core Multiple Vulnerabilities
Summary:This host is installed with Drupal and is prone to; multiple vulnerabilities.
Description:Summary:
This host is installed with Drupal and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Flaws are due to:

- logic error in the core upload module validation, which allows unprivileged users to attach files.

- ability to view attached file content which they don't have access.

- deficiency in the user module allows users who had been blocked by access rules.

- weakness in the node module API allows for node validation to be bypassed in certain circumstances.

Vulnerability Impact:
Successful exploitation allows authenticated users to bypass
access restrictions and can even allows unauthorized users to obtain sensitive information.

Affected Software/OS:
Drupal Version 5.x prior to 5.11 and 6.x prior to 6.5 on all running platform.

Solution:
Upgrade Drupal Version 5.x to 5.11/6.x to Drupal 6.5 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-4789
http://www.openwall.com/lists/oss-security/2008/10/21/7
http://secunia.com/advisories/32198
XForce ISS Database: drupal-uploadmodule-upload-security-bypass(45755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45755
Common Vulnerability Exposure (CVE) ID: CVE-2008-4790
http://secunia.com/advisories/32200
XForce ISS Database: drupal-uploadmodule-security-bypass(45758)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45758
Common Vulnerability Exposure (CVE) ID: CVE-2008-4791
http://secunia.com/advisories/32201
XForce ISS Database: drupal-usermodule-security-bypass(45766)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45766
Common Vulnerability Exposure (CVE) ID: CVE-2008-4793
XForce ISS Database: drupal-nodemoduleapi-security-bypass(45763)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45763
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.