|
Drupal Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA17824
|
|
|
Release Date:
|
2005-12-01
|
|
Last Update:
|
2005-12-07
|
|
Popularity:
|
10,130 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Drupal 4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.
1) An input validation error in the filtering of HTML code can be exploited to inject arbitrary JavaScript code in submitted content, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
Successful exploitation requires that the user has access to the full HTML input format.
The vulnerability has been reported in versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3. Prior versions may also be affected.
2) An input validation error in the attachment handling can be exploited to upload a malicious image with embedded HTML and script content, which will be executed in a user's browser session in context of an affected site when viewed directly with the Microsoft Internet Explorer browser.
This is related to:
SA17295
This can also be exploited to inject arbitrary HTTP headers, which will be included in the response sent to the user.
The vulnerability has been reported in versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3. Prior versions may also be affected.
3) The problem is that it is possible to bypass the "access user profile" permission. However, this cannot be exploited to modify data.
Successful exploitation requires that the server runs PHP 5.
The vulnerability has been reported in version 4.6.0 through 4.6.3.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
