Lucene search
GoogleOSV:DSA-2113-1HistorySep 20, 2010 - 12:00 a.m.
drupal6 - several vulnerabilities
2010-09-2000:00:00
Google
osv.dev
8
0.005 Low
EPSS
Percentile
75.9%
Several vulnerabilities have been discovered in Drupal 6 a fully-featured
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2010-3091
Several issues have been discovered in the OpenID module that allows
malicious access to user accounts. - CVE-2010-3092
The upload module includes a potential bypass of access restrictions due
to not checking letter case-sensitivity. - CVE-2010-3093
The comment module has a privilege escalation issue that allows certain
users to bypass limitations. - CVE-2010-3094
Several cross-site scripting (XSS) issues have been discovered in the
Action feature.
For the stable distribution (lenny), these problems have been fixed in
version 6.6-3lenny6.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 6.18-1.
We recommend that you upgrade your drupal6 packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal6 | eq | 6.6-3 | |
| drupal6 | eq | 6.6-3lenny1 | |
| drupal6 | eq | 6.6-3lenny2 | |
| drupal6 | eq | 6.6-3lenny3 | |
| drupal6 | eq | 6.6-3lenny4 | |
| drupal6 | eq | 6.6-3lenny5 |
References
Related
openvas
openvas
Debian Security Advisory DSA 2113-1 (drupal6)
2010-10-10 00:00:00
Debian: Security Advisory (DSA-2113-1)
2010-10-10 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities
2010-09-20 14:15:04
[BSA-023] Security Update for drupal6
2011-01-25 16:43:46
nessus
nessus
Debian DSA-2113-1 : drupal6 - several vulnerabilities
2010-09-21 00:00:00
ubuntucve
ubuntucve
prion
prion
Authentication flaw
2010-09-29 17:00:00
Authorization
2010-09-21 20:00:00
Design/Logic Flaw
2010-09-21 20:00:00
cve
cve
cvelist
cvelist
nvd
nvd
osv
osv
github
github