Test ID:	1.3.6.1.4.1.25623.1.1.12.2021.4773.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4773-1)
Summary:	The remote host is missing an update for the 'drupal7' package(s) announced via the USN-4773-1 advisory.
Description:	Summary: The remote host is missing an update for the 'drupal7' package(s) announced via the USN-4773-1 advisory. Vulnerability Insight: It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. (CVE-2018-7600, CVE-2018-7602) It was discovered that password reset URLs in Drupal could be forged. An attacker could use this vulnerability to gain access to another user's account. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2559) It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2749, CVE-2015-2750) Affected Software/OS: 'drupal7' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2559 BugTraq ID: 73219 http://www.securityfocus.com/bid/73219 Debian Security Information: DSA-3200 (Google Search) http://www.debian.org/security/2015/dsa-3200 Common Vulnerability Exposure (CVE) ID: CVE-2015-2749 http://www.openwall.com/lists/oss-security/2015/03/26/4 Common Vulnerability Exposure (CVE) ID: CVE-2015-2750 Common Vulnerability Exposure (CVE) ID: CVE-2018-7600 BugTraq ID: 103534 http://www.securityfocus.com/bid/103534 Debian Security Information: DSA-4156 (Google Search) https://www.debian.org/security/2018/dsa-4156 https://www.exploit-db.com/exploits/44448/ https://www.exploit-db.com/exploits/44449/ https://www.exploit-db.com/exploits/44482/ https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/ https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714 https://github.com/a2u/CVE-2018-7600 https://github.com/g0rx/CVE-2018-7600-Drupal-RCE https://greysec.net/showthread.php?tid=2912&pid=10561 https://research.checkpoint.com/uncovering-drupalgeddon-2/ https://twitter.com/RicterZ/status/979567469726613504 https://twitter.com/RicterZ/status/984495201354854401 https://twitter.com/arancaytar/status/979090719003627521 https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html http://www.securitytracker.com/id/1040598 Common Vulnerability Exposure (CVE) ID: CVE-2018-7602 BugTraq ID: 103985 http://www.securityfocus.com/bid/103985 Debian Security Information: DSA-4180 (Google Search) https://www.debian.org/security/2018/dsa-4180 https://www.exploit-db.com/exploits/44542/ https://www.exploit-db.com/exploits/44557/ https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html http://www.securitytracker.com/id/1040754
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.