Test ID:	1.3.6.1.4.1.25623.1.0.809432
Category:	Web application abuses
Title:	Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Windows
Summary:	Drupal is prone to multiple vulnerabilities.
Description:	Summary: Drupal is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - The system.temporary route not properly check for 'Export configuration' permission. - Users without 'Administer comments' set comment visibility on nodes. - Cross-site Scripting in http exceptions. Vulnerability Impact: Successful exploitation will allow remote authenticated users to set the visibility of comments for arbitrary nodes or to bypass intended access restrictions and read a full config export or to inject arbitrary web script. Affected Software/OS: Drupal core 8.x versions prior to 8.1.10 Solution: Update to version 8.1.10 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7571 BugTraq ID: 93101 http://www.securityfocus.com/bid/93101 http://www.securitytracker.com/id/1036886 Common Vulnerability Exposure (CVE) ID: CVE-2016-7572 Common Vulnerability Exposure (CVE) ID: CVE-2016-7570
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.