7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.2%
Multiple vulnerabilities have been discovered in Drupal, a
fully-featured content management framework. The Common Vulnerabilities
and Exposures project identifies the following issues:
These fixes require extra updates to the database which can be done from
the administration pages. Furthermore this update introduces a new
security hardening element for the form API. Please refer to the
upstream advisory at
drupal.org/SA-CORE-2014-001 for further
information.
For the stable distribution (wheezy), these problems have been fixed in
version 7.14-2+deb7u2.
For the testing distribution (jessie), these problems have been fixed in
version 7.26-1.
For the unstable distribution (sid), these problems have been fixed in
version 7.26-1.
We recommend that you upgrade your drupal7 packages.
CPE | Name | Operator | Version |
---|---|---|---|
drupal7 | eq | 7.14-2 | |
drupal7 | eq | 7.14-2+deb7u1 | |
drupal7 | eq | 7.14-2+deb7u1~bpo60+1 | |
drupal7 | eq | 7.14-2+deb7u2~bpo60+1 |