| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
| CVE-2009-2035 | 12 Jun 200917:28 | – | cve | |
| CVE-2009-2035 | 12 Jun 200917:28 | – | cvelist | |
| EUVD-2009-2031 | 7 Oct 202500:30 | – | euvd | |
| CVE-2009-2035 | 12 Jun 200918:00 | – | nvd | |
| Code injection | 12 Jun 200918:00 | – | prion | |
| CVE-2009-2035 | 21 May 202521:01 | – | redhatcve |
| Source | Link |
|---|---|
| drupal | www.drupal.org/node/488004 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(39365);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2009-2035");
script_bugtraq_id(35292);
script_xref(name:"SECUNIA", value:"33371");
script_name(english:"Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by
an authentication bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Drupal running on the remote host includes the
third-party Services module, which offers a way to integrate external
applications with Drupal using XMLRPC, SOAP, REST, AMF, or other such
interfaces. It is currently configured to use a validation token, or
'key', for authentication, and contains a flaw that allows an
unauthenticated, remote attacker to view or add keys. Depending on
access control checks for the underlying services exposed, an attacker
may be able to access services that he would not normally be able to.");
script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/node/488004");
script_set_attribute(attribute:"solution", value:
"Upgrade to Services 6.x-0.14 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/10");
script_set_attribute(attribute:"patch_publication_date", value:"2009/06/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:drupal:drupal");
script_set_attribute(attribute:"cpe", value:"cpe:/a:drupal:services_module_for_drupal");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("drupal_detect.nasl");
script_require_keys("installed_sw/Drupal", "www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
app = "Drupal";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port
);
dir = install['path'];
install_url = build_url(qs:dir, port:port);
# Try to pull up form for adding a key.
url = "/admin/build/services/keys/add";
res = http_send_recv3(method:"GET", item:dir+url, port:port, exit_on_fail:TRUE);
# There's a problem if we see the expected contents.
if (
'id="services-admin-keys-form"' >< res[2] ||
'id="edit-submit" value="Create key"' >< res[2]
)
{
output = strstr(res[2], 'id="services-admin-keys-form"');
security_report_v4(
port : port,
severity : SECURITY_WARNING,
generic : TRUE,
request : make_list(install_url + url),
output : chomp(output)
);
exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation