Lucene search

FreeBSD609C790E-CE0A-11DD-A721-0030843D3802

HistoryDec 11, 2008 - 12:00 a.m.

drupal -- multiple vulnerabilities

2008-12-1100:00:00

vuxml.freebsd.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.7%

JSON

The Drupal Project reports:

The update system is vulnerable to Cross site request forgeries.
Malicious users may cause the superuser (user 1) to execute old
updates that may damage the database.
When an input format is deleted, not all existing content on a site
is updated to reflect this deletion. Such content is then displayed
unfiltered. This may lead to cross site scripting attacks when harmful
tags are no longer stripped from ‘malicious’ content that was posted
earlier.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdrupal5< 5.14UNKNOWN
FreeBSDanynoarchdrupal6< 6.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	drupal5	< 5.14	UNKNOWN
FreeBSD	any	noarch	drupal6	< 6.8	UNKNOWN

References

drupal.org/node/345441

secunia.com/advisories/33112/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.7%

JSON

Related for 609C790E-CE0A-11DD-A721-0030843D3802