ID CVE-2007-5595 Type cve Reporter cve@mitre.org Modified 2018-10-26T14:13:00
Description
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
{"osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-5595"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://drupal.org/node/184315)\n[Secunia Advisory ID:27292](https://secuniaresearch.flexerasoftware.com/advisories/27292/)\n[Secunia Advisory ID:27352](https://secuniaresearch.flexerasoftware.com/advisories/27352/)\n[Secunia Advisory ID:27293](https://secuniaresearch.flexerasoftware.com/advisories/27293/)\n[Related OSVDB ID: 1018950](https://vulners.com/osvdb/OSVDB:1018950)\n[Related OSVDB ID: 1018951](https://vulners.com/osvdb/OSVDB:1018951)\nOther Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=547880\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html\nISS X-Force ID: 37264\nFrSIRT Advisory: ADV-2007-3546\n[CVE-2007-5595](https://vulners.com/cve/CVE-2007-5595)\nBugtraq ID: 26119\n", "edition": 1, "modified": "2007-10-17T17:18:29", "published": "2007-10-17T17:18:29", "href": "https://vulners.com/osvdb/OSVDB:39636", "id": "OSVDB:39636", "title": "Drupal includes/common.inc drupal_goto Function CRLF Injection", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5595", "CVE-2007-5593", "CVE-2007-5597", "CVE-2007-5594", "CVE-2007-5596"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-16T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58778", "href": "http://plugins.openvas.org/nasl.php?oid=58778", "type": "openvas", "title": "FreeBSD Ports: drupal4", "sourceData": "#\n#VID 9c00d446-8208-11dc-9283-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n drupal4\n drupal5\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://drupal.org/node/184315\nhttp://drupal.org/node/184316\nhttp://drupal.org/node/184348\nhttp://drupal.org/node/184354\nhttp://drupal.org/node/184320\nhttp://secunia.com/advisories/27292\nhttp://secunia.com/advisories/27292\nhttp://secunia.com/advisories/27292\nhttp://secunia.com/advisories/27290\nhttp://secunia.com/advisories/27290\nhttp://www.vuxml.org/freebsd/9c00d446-8208-11dc-9283-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58778);\n script_version(\"$Revision: 4078 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-5597\", \"CVE-2007-5596\", \"CVE-2007-5595\", \"CVE-2007-5594\", \"CVE-2007-5593\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: drupal4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"drupal4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.7.8\")<0) {\n txt += 'Package drupal4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"drupal5\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.3\")<0) {\n txt += 'Package drupal5 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5595", "CVE-2007-5593", "CVE-2007-5597", "CVE-2007-5594", "CVE-2007-5596"], "description": "Check for the Version of drupal", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861489", "href": "http://plugins.openvas.org/nasl.php?oid=861489", "type": "openvas", "title": "Fedora Update for drupal FEDORA-2007-2649", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for drupal FEDORA-2007-2649\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"drupal on Fedora 7\";\ntag_insight = \"Equipped with a powerful blend of features, Drupal is a Content Management\n System written in PHP that can support a variety of websites ranging from\n personal weblogs to large community-driven websites. Drupal is highly\n configurable, skinnable, and secure.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html\");\n script_id(861489);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2649\");\n script_cve_id(\"CVE-2007-5593\", \"CVE-2007-5594\", \"CVE-2007-5595\", \"CVE-2007-5596\", \"CVE-2007-5597\");\n script_name( \"Fedora Update for drupal FEDORA-2007-2649\");\n\n script_summary(\"Check for the Version of drupal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"drupal\", rpm:\"drupal~5.3~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drupal\", rpm:\"drupal~5.3~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5595", "CVE-2007-5593", "CVE-2007-5597", "CVE-2007-5594", "CVE-2007-5596"], "description": "\nThe Drupal Project reports:\n\nIn some circumstances Drupal allows user-supplied data to\n\t become part of response headers. As this user-supplied data\n\t is not always properly escaped, this can be exploited by\n\t malicious users to execute HTTP response splitting attacks\n\t which may lead to a variety of issues, among them cache\n\t poisoning, cross-user defacement and injection of arbitrary\n\t code.\n\n\nThe Drupal installer allows any visitor to provide credentials\n\t for a database when the site's own database is not reachable. This\n\t allows attackers to run arbitrary code on the site's server.\n\t An immediate workaround is the removal of the file install.php\n\t in the Drupal root directory.\n\n\nThe allowed extension list of the core Upload module contains\n\t the extension HTML by default. Such files can be used to execute\n\t arbitrary script code in the context of the affected site when a\n\t user views the file. Revoking upload permissions or removing the\n\t .html extension from the allowed extension list will stop uploads\n\t of malicious files. but will do nothing to protect your site\n\t againstfiles that are already present. Carefully inspect the file\n\t system path for any HTML files. We recommend you remove any HTML\n\t file you did not update yourself. You should look for , CSS\n\t includes, Javascript includes, and onerror=\"\" attributes if\n\t you need to review files individually.\n\n\nThe Drupal Forms API protects against cross site request\n\t forgeries (CSRF), where a malicious site can cause a user\n\t to unintentionally submit a form to a site where he is\n\t authenticated. The user deletion form does not follow the\n\t standard Forms API submission model and is therefore not\n\t protected against this type of attack. A CSRF attack may\n\t result in the deletion of users.\n\n\nThe publication status of comments is not passed during the\n\t hook_comments API operation, causing various modules that rely\n\t on the publication status (such as Organic groups, or Subscriptions)\n\t to mail out unpublished comments.\n\n", "edition": 5, "modified": "2007-10-17T00:00:00", "published": "2007-10-17T00:00:00", "id": "9C00D446-8208-11DC-9283-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/9c00d446-8208-11dc-9283-0016179b2dd5.html", "title": "drupal --- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:48:25", "description": "The Drupal Project reports :\n\nIn some circumstances Drupal allows user-supplied data to become part\nof response headers. As this user-supplied data is not always properly\nescaped, this can be exploited by malicious users to execute HTTP\nresponse splitting attacks which may lead to a variety of issues,\namong them cache poisoning, cross-user defacement and injection of\narbitrary code.\n\nThe Drupal installer allows any visitor to provide credentials for a\ndatabase when the site's own database is not reachable. This allows\nattackers to run arbitrary code on the site's server. An immediate\nworkaround is the removal of the file install.php in the Drupal root\ndirectory.\n\nThe allowed extension list of the core Upload module contains the\nextension HTML by default. Such files can be used to execute arbitrary\nscript code in the context of the affected site when a user views the\nfile. Revoking upload permissions or removing the .html extension from\nthe allowed extension list will stop uploads of malicious files. but\nwill do nothing to protect your site againstfiles that are already\npresent. Carefully inspect the file system path for any HTML files. We\nrecommend you remove any HTML file you did not update yourself. You\nshould look for , CSS includes, JavaScript includes, and onerror=''\nattributes if you need to review files individually.\n\nThe Drupal Forms API protects against cross site request forgeries\n(CSRF), where a malicious site can cause a user to unintentionally\nsubmit a form to a site where he is authenticated. The user deletion\nform does not follow the standard Forms API submission model and is\ntherefore not protected against this type of attack. A CSRF attack may\nresult in the deletion of users.\n\nThe publication status of comments is not passed during the\nhook_comments API operation, causing various modules that rely on the\npublication status (such as Organic groups, or Subscriptions) to mail\nout unpublished comments.", "edition": 27, "published": "2007-10-25T00:00:00", "title": "FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5595", "CVE-2007-5593", "CVE-2007-5597", "CVE-2007-5594", "CVE-2007-5596"], "modified": "2007-10-25T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:drupal5", "p-cpe:/a:freebsd:freebsd:drupal4"], "id": "FREEBSD_PKG_9C00D446820811DC92830016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/27551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27551);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5593\", \"CVE-2007-5594\", \"CVE-2007-5595\", \"CVE-2007-5596\", \"CVE-2007-5597\");\n script_xref(name:\"Secunia\", value:\"27290\");\n script_xref(name:\"Secunia\", value:\"27292\");\n\n script_name(english:\"FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Drupal Project reports :\n\nIn some circumstances Drupal allows user-supplied data to become part\nof response headers. As this user-supplied data is not always properly\nescaped, this can be exploited by malicious users to execute HTTP\nresponse splitting attacks which may lead to a variety of issues,\namong them cache poisoning, cross-user defacement and injection of\narbitrary code.\n\nThe Drupal installer allows any visitor to provide credentials for a\ndatabase when the site's own database is not reachable. This allows\nattackers to run arbitrary code on the site's server. An immediate\nworkaround is the removal of the file install.php in the Drupal root\ndirectory.\n\nThe allowed extension list of the core Upload module contains the\nextension HTML by default. Such files can be used to execute arbitrary\nscript code in the context of the affected site when a user views the\nfile. Revoking upload permissions or removing the .html extension from\nthe allowed extension list will stop uploads of malicious files. but\nwill do nothing to protect your site againstfiles that are already\npresent. Carefully inspect the file system path for any HTML files. We\nrecommend you remove any HTML file you did not update yourself. You\nshould look for , CSS includes, JavaScript includes, and onerror=''\nattributes if you need to review files individually.\n\nThe Drupal Forms API protects against cross site request forgeries\n(CSRF), where a malicious site can cause a user to unintentionally\nsubmit a form to a site where he is authenticated. The user deletion\nform does not follow the standard Forms API submission model and is\ntherefore not protected against this type of attack. A CSRF attack may\nresult in the deletion of users.\n\nThe publication status of comments is not passed during the\nhook_comments API operation, causing various modules that rely on the\npublication status (such as Organic groups, or Subscriptions) to mail\nout unpublished comments.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://drupal.org/node/184315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://drupal.org/node/184316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://drupal.org/node/184348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://drupal.org/node/184354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://drupal.org/node/184320\"\n );\n # https://vuxml.freebsd.org/freebsd/9c00d446-8208-11dc-9283-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f25a4d22\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(79, 94, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:drupal4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:drupal5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"drupal4<4.7.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"drupal5<5.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:06", "description": " - Upgrade to 5.3, fixes :\n\n - HTTP response splitting.\n\n - Arbitrary code execution.\n\n - Cross-site scripting.\n\n - Cross-site request forgery.\n\n - Access bypass.\n\nRemember to log in to your site as the admin user before upgrading\nthis package. After upgrading the package, browse to\nhttp://host/drupal/update.php to run the upgrade script.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : drupal-5.3-1.fc7 (2007-2649)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5595", "CVE-2007-5593", "CVE-2007-5597", "CVE-2007-5594", "CVE-2007-5596"], "modified": "2007-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:drupal", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2007-2649.NASL", "href": "https://www.tenable.com/plugins/nessus/27783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2649.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27783);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5593\", \"CVE-2007-5594\", \"CVE-2007-5595\", \"CVE-2007-5596\", \"CVE-2007-5597\");\n script_xref(name:\"FEDORA\", value:\"2007-2649\");\n\n script_name(english:\"Fedora 7 : drupal-5.3-1.fc7 (2007-2649)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upgrade to 5.3, fixes :\n\n - HTTP response splitting.\n\n - Arbitrary code execution.\n\n - Cross-site scripting.\n\n - Cross-site request forgery.\n\n - Access bypass.\n\nRemember to log in to your site as the admin user before upgrading\nthis package. After upgrading the package, browse to\nhttp://host/drupal/update.php to run the upgrade script.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004298.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af3bec2d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected drupal package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(79, 94, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drupal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"drupal-5.3-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drupal\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5593", "CVE-2007-5594", "CVE-2007-5595", "CVE-2007-5596", "CVE-2007-5597"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2007-10-24T07:15:27", "published": "2007-10-24T07:15:27", "id": "FEDORA:L9O7FQJA023071", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: drupal-5.3-1.fc7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
