Lucene search

FreeBSD706C9EEF-A077-11DD-B413-001372FD0AF2

HistoryOct 22, 2008 - 12:00 a.m.

drupal -- multiple vulnerabilities

2008-10-2200:00:00

vuxml.freebsd.org

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

46.2%

JSON

The Drupal Project reports:

On a server configured for IP-based virtual hosts, Drupal may be
caused to include and execute specifically named files outside
of its root directory. This bug affects both Drupal 5 and
Drupal 6.
The title of book pages is not always properly escaped, enabling
users with the “create book content” permission or the
permission to edit any node in the book hierarchy to insert
arbitrary HTML and script code into pages. Such a Cross site
scripting attack may lead to the attacker gaining administrator
access. This bug affects Drupal 6.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdrupal5< 5.12UNKNOWN
FreeBSDanynoarchdrupal6< 6.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	drupal5	< 5.12	UNKNOWN
FreeBSD	any	noarch	drupal6	< 6.6	UNKNOWN

References

drupal.org/node/324824

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

46.2%

JSON

Related for 706C9EEF-A077-11DD-B413-001372FD0AF2