A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.
This vulnerability is mitigated by the fact that the malicious user must have an account on the site (or be able to create one), and the victim must have an account with one or more associated OpenID identities.
The Taxonomy module provides various listing pages which display content tagged with a particular taxonomy term. Custom or contributed modules may also provide similar lists. Under certain circumstances, unpublished content can appear on these pages and will be visible to users who should not have permission to see it.
This vulnerability is mitigated by the fact that it only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier.
Security hardening (Form API - Drupal 7 - Not critical)
The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately bypassed, and any form element may be submitted regardless of the current user's access level.
This is normal and expected behavior for most uses of programmatic form submissions; however, there are cases where custom or contributed code may need to send data provided by the current (untrusted) user to drupal_form_submit() and therefore need to respect access control on the form.
To facilitate this, a new, optional $form_state['programmed_bypass_access_check'] element has been added to the Drupal 7 form API. If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them.
This change does not fix a security issue in Drupal core itself, but rather provides a method for custom or contributed code to fix security issues that would be difficult or impossible to fix otherwise.
{"id": "DRUPAL-SA-CORE-2014-001", "type": "drupal", "bulletinFamily": "software", "title": "SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities\n", "description": "Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.\n\n### Impersonation (OpenID module - Drupal 6 and 7 - Highly critical)\n\nA vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.\n\nThis vulnerability is mitigated by the fact that the malicious user must have an account on the site (or be able to create one), and the victim must have an account with one or more associated OpenID identities.\n\n### Access bypass (Taxonomy module - Drupal 7 - Moderately critical)\n\nThe Taxonomy module provides various listing pages which display content tagged with a particular taxonomy term. Custom or contributed modules may also provide similar lists. Under certain circumstances, unpublished content can appear on these pages and will be visible to users who should not have permission to see it.\n\nThis vulnerability is mitigated by the fact that it only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier.\n\n### Security hardening (Form API - Drupal 7 - Not critical)\n\nThe form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately bypassed, and any form element may be submitted regardless of the current user's access level.\n\nThis is normal and expected behavior for most uses of programmatic form submissions; however, there are cases where custom or contributed code may need to send data provided by the current (untrusted) user to drupal_form_submit() and therefore need to respect access control on the form.\n\nTo facilitate this, a new, optional $form_state['programmed_bypass_access_check'] element has been added to the Drupal 7 form API. If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them.\n\nThis change does not fix a security issue in Drupal core itself, but rather provides a method for custom or contributed code to fix security issues that would be difficult or impossible to fix otherwise.\n\n## CVE identifier(s) issued\n\n * Impersonation (OpenID module - Drupal 6 and 7 - Highly critical): **CVE-2014-1475**\n * Access bypass (Taxonomy module - Drupal 7 - Moderately critical): **CVE-2014-1476**\n * Security hardening (Form API - Drupal 7 - Not critical): **No CVE** necessary.****\n\n## Versions affected\n\n * Drupal core 6.x versions prior to 6.30.\n * Drupal core 7.x versions prior to 7.26.\n\n## Solution\n\nInstall the latest version:\n\n * If you use Drupal 6.x, upgrade to [Drupal core 6.30](<http://drupal.org/drupal-6.30-release-notes>).\n * If you use Drupal 7.x, upgrade to [Drupal core 7.26](<http://drupal.org/drupal-7.26-release-notes>).\n\nAlso see the [Drupal core](<http://drupal.org/project/drupal>) project page.\n\n## Reported by\n\n * The OpenID module impersonation issue was reported by [Christian Mainka](<https://drupal.org/user/1096424>) and Vladislav Mladenov.\n * The Taxonomy module access bypass issue was reported by [Matt Vance](<https://drupal.org/user/88338>), and by [Damien Tournoud](<https://drupal.org/user/22211>) of the Drupal Security Team.\n * The form API access bypass issue was reported by [David Rothstein](<https://drupal.org/user/124982>) of the Drupal Security Team.\n\n## Fixed by\n\n * The OpenID module impersonation issue was fixed by [Damien Tournoud](<https://drupal.org/user/22211>), [Heine Deelstra](<https://drupal.org/user/17943>), [Peter Wolanin](<https://drupal.org/user/49851>), and [David Rothstein](<https://drupal.org/user/124982>), all of the Drupal Security Team.\n * The Taxonomy module access bypass issue was fixed by [Jibran Ijaz](<https://drupal.org/user/1198144>), and by [Lee Rowlands](<https://drupal.org/user/395439>) of the Drupal Security Team.\n * The form API access bypass issue was fixed by [Damien Tournoud](<https://drupal.org/user/22211>) and [David Rothstein](<https://drupal.org/user/124982>) of the Drupal Security Team, and by [Marc Ingram](<https://drupal.org/user/77320>) and [Kyle Browning](<https://drupal.org/user/211387>).\n\n## Coordinated by\n\n * [The Drupal Security Team](<http://drupal.org/security-team>)\n", "published": "2014-01-15T00:00:00", "modified": "2014-01-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-01-15/sa-core-2014-001-drupal-core", "reporter": "Drupal Security Team", "references": ["https://drupal.org/user/1096424", "http://drupal.org/security-team/risk-levels", "https://drupal.org/user/77320", "http://drupal.org/writing-secure-code", "http://drupal.org/project/drupal", "https://drupal.org/user/124982", "https://drupal.org/user/1198144", "http://drupal.org/security/secure-configuration", "http://drupal.org/contact", "https://drupal.org/user/22211", "https://drupal.org/user/17943", "http://drupal.org/drupal-6.30-release-notes", "http://drupal.org/security-team", "https://drupal.org/user/49851", "https://drupal.org/user/211387", "https://twitter.com/drupalsecurity", "http://drupal.org/drupal-7.26-release-notes", "https://drupal.org/user/88338", "https://drupal.org/user/395439"], "cvelist": ["CVE-2014-1475", "CVE-2014-1476"], "lastseen": "2020-12-31T21:46:51", "viewCount": 621, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2020-12-31T21:46:51", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-1476", "CVE-2014-1475"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702851", "OPENVAS:702851", "OPENVAS:702847", "OPENVAS:1361412562310702847"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13548", "SECURITYVULNS:DOC:30285"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2851-1:D1106", "DEBIAN:DSA-2847-1:1D441"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2851.NASL", "DEBIAN_DSA-2847.NASL", "DRUPAL_6_30.NASL", "MANDRIVA_MDVSA-2014-031.NASL", "DRUPAL_7_26.NASL"]}], "modified": "2020-12-31T21:46:51", "rev": 2}, "vulnersScore": 5.8}, "affectedSoftware": [{"version": "6.30", "operator": "lt", "name": "drupal"}, {"version": "7.26", "operator": "lt", "name": "drupal"}]}
{"cve": [{"lastseen": "2020-10-03T12:01:14", "description": "The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2014-01-24T18:55:00", "title": "CVE-2014-1475", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1475"], "modified": "2014-02-21T05:06:00", "cpe": ["cpe:/a:drupal:drupal:7.21", "cpe:/a:drupal:drupal:7.11", "cpe:/a:drupal:drupal:6.1", "cpe:/a:drupal:drupal:7.19", "cpe:/a:drupal:drupal:6.10", "cpe:/a:drupal:drupal:7.16", "cpe:/a:drupal:drupal:6.2", "cpe:/a:drupal:drupal:6.18", "cpe:/a:drupal:drupal:7.20", "cpe:/a:drupal:drupal:7.18", "cpe:/a:drupal:drupal:6.14", "cpe:/a:drupal:drupal:6.22", "cpe:/a:drupal:drupal:6.15", "cpe:/a:drupal:drupal:7.23", "cpe:/a:drupal:drupal:7.10", "cpe:/a:drupal:drupal:6.24", "cpe:/a:drupal:drupal:7.13", "cpe:/a:drupal:drupal:6.23", "cpe:/a:drupal:drupal:6.16", "cpe:/a:drupal:drupal:7.12", "cpe:/a:drupal:drupal:6.12", "cpe:/a:drupal:drupal:7.2", "cpe:/a:drupal:drupal:7.1", "cpe:/a:drupal:drupal:6.27", "cpe:/a:drupal:drupal:6.20", "cpe:/a:drupal:drupal:7.17", "cpe:/a:drupal:drupal:6.21", "cpe:/a:drupal:drupal:7.24", "cpe:/a:drupal:drupal:6.25", "cpe:/a:drupal:drupal:7.14", "cpe:/a:drupal:drupal:7.15", "cpe:/a:drupal:drupal:6.11", "cpe:/a:drupal:drupal:7.0", "cpe:/a:drupal:drupal:7.22", "cpe:/a:drupal:drupal:6.28", "cpe:/a:drupal:drupal:6.17", "cpe:/a:drupal:drupal:6.0", "cpe:/a:drupal:drupal:6.19", "cpe:/a:drupal:drupal:6.13", "cpe:/a:drupal:drupal:6.26"], "id": "CVE-2014-1475", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1475", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc-4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc-1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc-3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:rc-2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:14", "description": "The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.", "edition": 3, "cvss3": {}, "published": "2014-01-24T18:55:00", "title": "CVE-2014-1476", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1476"], "modified": "2014-02-21T05:06:00", "cpe": ["cpe:/a:drupal:drupal:7.21", "cpe:/a:drupal:drupal:7.11", "cpe:/a:drupal:drupal:7.19", "cpe:/a:drupal:drupal:7.16", "cpe:/a:drupal:drupal:7.20", "cpe:/a:drupal:drupal:7.18", "cpe:/a:drupal:drupal:7.23", "cpe:/a:drupal:drupal:7.10", "cpe:/a:drupal:drupal:7.13", "cpe:/a:drupal:drupal:7.12", "cpe:/a:drupal:drupal:7.2", "cpe:/a:drupal:drupal:7.1", "cpe:/a:drupal:drupal:7.17", "cpe:/a:drupal:drupal:7.24", "cpe:/a:drupal:drupal:7.14", "cpe:/a:drupal:drupal:7.15", "cpe:/a:drupal:drupal:7.0", "cpe:/a:drupal:drupal:7.22"], "id": "CVE-2014-1476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1476", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:48:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "description": "Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-1475 \nChristian Mainka and Vladislav Mladenov reported a vulnerability\nin the OpenID module that allows a malicious user to log in as\nother users on the site, including administrators, and hijack\ntheir accounts.\n\nCVE-2014-1476 \nMatt Vance and Damien Tournoud reported an access bypass\nvulnerability in the taxonomy module. Under certain circumstances,\nunpublished content can appear on listing pages provided by the\ntaxonomy module and will be visible to users who should not have\npermission to see it.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 \nfor further\ninformation.", "modified": "2017-07-10T00:00:00", "published": "2014-01-20T00:00:00", "id": "OPENVAS:702847", "href": "http://plugins.openvas.org/nasl.php?oid=702847", "type": "openvas", "title": "Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2847.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 2847-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"drupal7 on Debian Linux\";\ntag_insight = \"Drupal is a dynamic web site platform which allows an individual or\ncommunity of users to publish, manage and organize a variety of\ncontent, Drupal integrates many popular features of content\nmanagement systems, weblogs, collaborative tools and discussion-based\ncommunity software into one easy-to-use package.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u2.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.26-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.26-1.\n\nWe recommend that you upgrade your drupal7 packages.\";\ntag_summary = \"Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-1475 \nChristian Mainka and Vladislav Mladenov reported a vulnerability\nin the OpenID module that allows a malicious user to log in as\nother users on the site, including administrators, and hijack\ntheir accounts.\n\nCVE-2014-1476 \nMatt Vance and Damien Tournoud reported an access bypass\nvulnerability in the taxonomy module. Under certain circumstances,\nunpublished content can appear on listing pages provided by the\ntaxonomy module and will be visible to users who should not have\npermission to see it.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 \nfor further\ninformation.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702847);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2014-1475\", \"CVE-2014-1476\");\n script_name(\"Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-01-20 00:00:00 +0100 (Mon, 20 Jan 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2847.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "description": "Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-1475\nChristian Mainka and Vladislav Mladenov reported a vulnerability\nin the OpenID module that allows a malicious user to log in as\nother users on the site, including administrators, and hijack\ntheir accounts.\n\nCVE-2014-1476\nMatt Vance and Damien Tournoud reported an access bypass\nvulnerability in the taxonomy module. Under certain circumstances,\nunpublished content can appear on listing pages provided by the\ntaxonomy module and will be visible to users who should not have\npermission to see it.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001\nfor further\ninformation.", "modified": "2019-03-19T00:00:00", "published": "2014-01-20T00:00:00", "id": "OPENVAS:1361412562310702847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702847", "type": "openvas", "title": "Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2847.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2847-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702847\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1475\", \"CVE-2014-1476\");\n script_name(\"Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-20 00:00:00 +0100 (Mon, 20 Jan 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2847.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"drupal7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u2.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.26-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.26-1.\n\nWe recommend that you upgrade your drupal7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-1475\nChristian Mainka and Vladislav Mladenov reported a vulnerability\nin the OpenID module that allows a malicious user to log in as\nother users on the site, including administrators, and hijack\ntheir accounts.\n\nCVE-2014-1476\nMatt Vance and Damien Tournoud reported an access bypass\nvulnerability in the taxonomy module. Under certain circumstances,\nunpublished content can appear on listing pages provided by the\ntaxonomy module and will be visible to users who should not have\npermission to see it.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001\nfor further\ninformation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-02T10:49:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1475"], "description": "Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages.", "modified": "2017-07-18T00:00:00", "published": "2014-02-02T00:00:00", "id": "OPENVAS:702851", "href": "http://plugins.openvas.org/nasl.php?oid=702851", "type": "openvas", "title": "Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2851.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2851-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"drupal6 on Debian Linux\";\ntag_insight = \"Drupal is a dynamic web site platform which allows an individual or\ncommunity of users to publish, manage and organize a variety of\ncontent, Drupal integrates many popular features of content\nmanagement systems, weblogs, collaborative tools and discussion-based\ncommunity software into one easy-to-use package.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.30-1.\n\nWe recommend that you upgrade your drupal6 packages.\";\ntag_summary = \"Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702851);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-1475\");\n script_name(\"Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-02 00:00:00 +0100 (Sun, 02 Feb 2014)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2851.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"drupal6\", ver:\"6.30-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1475"], "description": "Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages.", "modified": "2019-03-18T00:00:00", "published": "2014-02-02T00:00:00", "id": "OPENVAS:1361412562310702851", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702851", "type": "openvas", "title": "Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2851.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2851-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702851\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-1475\");\n script_name(\"Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-02 00:00:00 +0100 (Sun, 02 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2851.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"drupal6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.30-1.\n\nWe recommend that you upgrade your drupal6 packages.\");\n script_tag(name:\"summary\", value:\"Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"drupal6\", ver:\"6.30-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2847-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nJanuary 20, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : drupal7\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2014-1475 CVE-2014-1476\r\n\r\nMultiple vulnerabilities have been discovered in Drupal, a\r\nfully-featured content management framework. The Common Vulnerabilities\r\nand Exposures project identifies the following issues:\r\n\r\nCVE-2014-1475\r\n\r\n Christian Mainka and Vladislav Mladenov reported a vulnerability\r\n in the OpenID module that allows a malicious user to log in as\r\n other users on the site, including administrators, and hijack\r\n their accounts.\r\n\r\nCVE-2014-1476\r\n\r\n Matt Vance and Damien Tournoud reported an access bypass\r\n vulnerability in the taxonomy module. Under certain circumstances,\r\n unpublished content can appear on listing pages provided by the\r\n taxonomy module and will be visible to users who should not have\r\n permission to see it.\r\n\r\nThese fixes require extra updates to the database which can be done from\r\nthe administration pages. Furthermore this update introduces a new\r\nsecurity hardening element for the form API. Please refer to the\r\nupstream advisory at https://drupal.org/SA-CORE-2014-001 for further\r\ninformation.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 7.14-2+deb7u2.\r\n\r\nFor the testing distribution (jessie), these problems have been fixed in\r\nversion 7.26-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 7.26-1.\r\n\r\nWe recommend that you upgrade your drupal7 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJS3aWyAAoJEAVMuPMTQ89E5dIP/jqGEGwV+imuSDbtZ5lgRY/+\r\nIulXy6UkE9mtvO7o1i7TULJRQ+fC1QcMcukctkYEufhChDHMCoYw8vmcVr0Vug+C\r\nzVMdaETRxb+YwCnlGnSkpY80GKRE21BaTzUPrYbDW/Hqtzr8qH5/eEFPWA6wfB3C\r\nXjnUgZGPd7d44r4wXINbSdE66gtfHzvlfvM3QdiceVqSgR9jVcV5e1Wf0oG36tik\r\nqGsQJ6/nukUIgYxVSVx89xhFUFCgYtNzq42EB4p7nc6Zo6hYePuC0tbWzpVUD9jH\r\nkQipKkdnq+vnU1wYbgQ5odY7RGLenlGGDO1mQA4jXbGUEofQEOjS2jTznozSh8/m\r\n8Qv9pfXkGhcIb7SFNjKgnDBL/6gua8vQwKwogeSVOxBRVuSGLXloe6w7kMqOoCu9\r\nCE4zqIJPyISG9YRkEpkwB+o1SlVIYeIWxzrnjQkYxhcXAutPbCSF0iGTcTXdycPG\r\n/hQkh6rmCdZfUaCfPfgIobdp++8gHv/mmBbKtDUJl20I8hy4Yxq1lBdJoxTQ3jcp\r\nuGM00sUgIw3Nvxe34QS4zNmLZAyhiY2i6MYjEDyaWO4puoyp9ntWw6GSKDk9iU+3\r\nMX+6oiJ5W/oqDWzVtfntOkYRFR7+GLEPTXrt2Ip64BqseOPbUEhhB0duDzc+yMjZ\r\n8OMRqxQTnQI7VTAXvWmG\r\n=lAm7\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-02-03T00:00:00", "published": "2014-02-03T00:00:00", "id": "SECURITYVULNS:DOC:30285", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30285", "title": "[SECURITY] [DSA 2847-1] drupal7 security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1612", "CVE-2014-1631", "CVE-2013-6235", "CVE-2014-1476", "CVE-2013-5350", "CVE-2014-1632", "CVE-2014-0794", "CVE-2014-1475", "CVE-2014-0793", "CVE-2014-1607"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2014-02-03T00:00:00", "published": "2014-02-03T00:00:00", "id": "SECURITYVULNS:VULN:13548", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13548", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:01:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2847-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : drupal7\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2014-1475 CVE-2014-1476\n\nMultiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-1475\n\n Christian Mainka and Vladislav Mladenov reported a vulnerability\n in the OpenID module that allows a malicious user to log in as\n other users on the site, including administrators, and hijack\n their accounts.\n\nCVE-2014-1476\n\n Matt Vance and Damien Tournoud reported an access bypass\n vulnerability in the taxonomy module. Under certain circumstances,\n unpublished content can appear on listing pages provided by the\n taxonomy module and will be visible to users who should not have\n permission to see it.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at https://drupal.org/SA-CORE-2014-001 for further\ninformation.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u2.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.26-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.26-1.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 6, "modified": "2014-01-20T22:40:48", "published": "2014-01-20T22:40:48", "id": "DEBIAN:DSA-2847-1:1D441", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00016.html", "title": "[SECURITY] [DSA 2847-1] drupal7 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1475"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2851-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 02, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : drupal6\nVulnerability : impersonation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2014-1475\n\nChristian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.\n\nThese fixes require extra updates to the database which can be done from\nthe administration pages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.30-1.\n\nWe recommend that you upgrade your drupal6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2014-02-02T20:03:49", "published": "2014-02-02T20:03:49", "id": "DEBIAN:DSA-2851-1:D1106", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00021.html", "title": "[SECURITY] [DSA 2851-1] drupal6 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:48:17", "description": "Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common\nVulnerabilities and Exposures project identifies the following issues\n:\n\n - CVE-2014-1475\n Christian Mainka and Vladislav Mladenov reported a\n vulnerability in the OpenID module that allows a\n malicious user to log in as other users on the site,\n including administrators, and hijack their accounts.\n\n - CVE-2014-1476\n Matt Vance and Damien Tournoud reported an access bypass\n vulnerability in the taxonomy module. Under certain\n circumstances, unpublished content can appear on listing\n pages provided by the taxonomy module and will be\n visible to users who should not have permission to see\n it.\n\nThese fixes require extra updates to the database which can be done\nfrom the administration pages. Furthermore this update introduces a\nnew security hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 for further\ninformation.", "edition": 17, "published": "2014-01-21T00:00:00", "title": "Debian DSA-2847-1 : drupal7 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "modified": "2014-01-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:drupal7", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2847.NASL", "href": "https://www.tenable.com/plugins/nessus/72046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2847. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72046);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1475\", \"CVE-2014-1476\");\n script_bugtraq_id(64973);\n script_xref(name:\"DSA\", value:\"2847\");\n\n script_name(english:\"Debian DSA-2847-1 : drupal7 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common\nVulnerabilities and Exposures project identifies the following issues\n:\n\n - CVE-2014-1475\n Christian Mainka and Vladislav Mladenov reported a\n vulnerability in the OpenID module that allows a\n malicious user to log in as other users on the site,\n including administrators, and hijack their accounts.\n\n - CVE-2014-1476\n Matt Vance and Damien Tournoud reported an access bypass\n vulnerability in the taxonomy module. Under certain\n circumstances, unpublished content can appear on listing\n pages provided by the taxonomy module and will be\n visible to users who should not have permission to see\n it.\n\nThese fixes require extra updates to the database which can be done\nfrom the administration pages. Furthermore this update introduces a\nnew security hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 for further\ninformation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1476\"\n );\n # https://drupal.org/SA-CORE-2014-001\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45df5ae9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the drupal7 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 7.14-2+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"drupal7\", reference:\"7.14-2+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:31", "description": "Multiple security issues was identified and fixed in drupal :\n\nThe OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows\nremote OpenID users to authenticate as other users via unspecified\nvectors (CVE-2014-1475).\n\nThe Taxonomy module in Drupal 7.x before 7.26, when upgraded from an\nearlier version of Drupal, does not properly restrict access to\nunpublished content, which allows remote authenticated users to obtain\nsensitive information via a listing page (CVE-2014-1476).\n\nThe updated packages has been upgraded to the 7.26 version which is\nunaffected by these security flaws.", "edition": 25, "published": "2014-02-16T00:00:00", "title": "Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "modified": "2014-02-16T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:drupal-sqlite", "p-cpe:/a:mandriva:linux:drupal-postgresql", "p-cpe:/a:mandriva:linux:drupal", "p-cpe:/a:mandriva:linux:drupal-mysql"], "id": "MANDRIVA_MDVSA-2014-031.NASL", "href": "https://www.tenable.com/plugins/nessus/72529", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:031. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72529);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1475\", \"CVE-2014-1476\");\n script_bugtraq_id(64973);\n script_xref(name:\"MDVSA\", value:\"2014:031\");\n\n script_name(english:\"Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues was identified and fixed in drupal :\n\nThe OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows\nremote OpenID users to authenticate as other users via unspecified\nvectors (CVE-2014-1475).\n\nThe Taxonomy module in Drupal 7.x before 7.26, when upgraded from an\nearlier version of Drupal, does not properly restrict access to\nunpublished content, which allows remote authenticated users to obtain\nsensitive information via a listing page (CVE-2014-1476).\n\nThe updated packages has been upgraded to the 7.26 version which is\nunaffected by these security flaws.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://drupal.org/SA-CORE-2014-001\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drupal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drupal-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drupal-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:drupal-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"drupal-7.26-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"drupal-mysql-7.26-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"drupal-postgresql-7.26-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"drupal-sqlite-7.26-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T10:04:05", "description": "The remote web server is running a version of Drupal that is 7.x prior\nto 7.26. It is, therefore, potentially affected by the following\nsecurity bypass vulnerabilities :\n\n - An issue exists in the OpenID module that allows an\n authenticated attacker to hijack other users' accounts.\n Only user accounts associated with one or more OpenID\n entities are affected. (CVE-2014-1475)\n\n - An issue exists in the Taxonomy module that could allow\n potentially sensitive, unpublished content to be\n publicly viewable. Only Drupal 7 sites that upgraded\n from Drupal 6 or earlier are affected. (CVE-2014-1476)\n\n - A potential issue exists in the drupal_form_submit()\n function within the form API in which access checks are\n bypassed.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 29, "published": "2014-01-23T00:00:00", "title": "Drupal 7.x < 7.26 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1476", "CVE-2014-1475"], "modified": "2014-01-23T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "DRUPAL_7_26.NASL", "href": "https://www.tenable.com/plugins/nessus/72103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72103);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1475\", \"CVE-2014-1476\");\n script_bugtraq_id(64973);\n\n script_name(english:\"Drupal 7.x < 7.26 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Drupal.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nsecurity bypass vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is running a version of Drupal that is 7.x prior\nto 7.26. It is, therefore, potentially affected by the following\nsecurity bypass vulnerabilities :\n\n - An issue exists in the OpenID module that allows an\n authenticated attacker to hijack other users' accounts.\n Only user accounts associated with one or more OpenID\n entities are affected. (CVE-2014-1475)\n\n - An issue exists in the Taxonomy module that could allow\n potentially sensitive, unpublished content to be\n publicly viewable. Only Drupal 7 sites that upgraded\n from Drupal 6 or earlier are affected. (CVE-2014-1476)\n\n - A potential issue exists in the drupal_form_submit()\n function within the form API in which access checks are\n bypassed.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-01-15/sa-core-2014-001-drupal-core\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45df5ae9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/7.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 7.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1475\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/23\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"drupal_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/Drupal\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Drupal\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\nurl = build_url(qs:dir, port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfix = '7.26';\nif (version =~ \"^7\\.([0-9]|1[0-9]|2[0-5])($|[^0-9]+)\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:18", "description": "Christian Mainka and Vladislav Mladenov reported a vulnerability in\nthe OpenID module of Drupal, a fully-featured content management\nframework. A malicious user could exploit this flaw to log in as other\nusers on the site, including administrators, and hijack their\naccounts.\n\nThese fixes require extra updates to the database which can be done\nfrom the administration pages.", "edition": 16, "published": "2014-02-03T00:00:00", "title": "Debian DSA-2851-1 : drupal6 - impersonation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1475"], "modified": "2014-02-03T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:drupal6"], "id": "DEBIAN_DSA-2851.NASL", "href": "https://www.tenable.com/plugins/nessus/72248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2851. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72248);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1475\");\n script_bugtraq_id(64973);\n script_xref(name:\"DSA\", value:\"2851\");\n\n script_name(english:\"Debian DSA-2851-1 : drupal6 - impersonation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Mainka and Vladislav Mladenov reported a vulnerability in\nthe OpenID module of Drupal, a fully-featured content management\nframework. A malicious user could exploit this flaw to log in as other\nusers on the site, including administrators, and hijack their\naccounts.\n\nThese fixes require extra updates to the database which can be done\nfrom the administration pages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/drupal6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2851\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the drupal6 packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 6.30-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"drupal6\", reference:\"6.30-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T10:04:04", "description": "The remote web server is running a version of Drupal that is 6.x prior\nto 6.30. It is, therefore, affected by a security bypass vulnerability\nin the OpenID module that could allow an authenticated attacker to\nhijack other users' accounts. Only user accounts associated with one\nor more OpenID entities are affected.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 29, "published": "2014-01-23T00:00:00", "title": "Drupal 6.x < 6.30 OpenID Module Account Hijacking", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1475"], "modified": "2014-01-23T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "DRUPAL_6_30.NASL", "href": "https://www.tenable.com/plugins/nessus/72102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72102);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1475\");\n script_bugtraq_id(64973);\n\n script_name(english:\"Drupal 6.x < 6.30 OpenID Module Account Hijacking\");\n script_summary(english:\"Checks the version of Drupal.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\na security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is running a version of Drupal that is 6.x prior\nto 6.30. It is, therefore, affected by a security bypass vulnerability\nin the OpenID module that could allow an authenticated attacker to\nhijack other users' accounts. Only user accounts associated with one\nor more OpenID entities are affected.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-01-15/sa-core-2014-001-drupal-core\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45df5ae9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/6.30\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 6.30 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1475\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/23\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"drupal_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/Drupal\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Drupal\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\nurl = build_url(qs:dir, port:port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfix = '6.30';\nif (version =~ \"^6\\.([0-9]|[12][0-9])($|[^0-9]+)\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
