Drupal Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Remote Authenticated Users Inject SQL Commands and Obtain Potentially Sensitive Information : 8/21/2015 9:08:05 PM

This eBook shows you how common web marketing tactics map to their mobile counterparts, including a "this = that" chart of web to app equivalents.
From our sponsors
 

 

Vulnerability Databse
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

Drupal Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Remote Authenticated Users Inject SQL Commands and Obtain Potentially Sensitive Information
8/21/2015 12:00:00 AM

Drupal Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Remote Authenticated Users Inject SQL Commands and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1033358
SecurityTracker URL:  http://securitytracker.com/id/1033358
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 21 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.x, 7.x
Description:   Several vulnerabilities were reported in Drupal. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information on the target system. A remote authenticated user can inject SQL commands. A remote user can conduct cross-site scripting attacks.

The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Drupal software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The Drupal.ajax() function is affected when processing a whitelisted HTML element. Version 7.x is affected.

The form autocomplete function is affected.

The SQL comment filtering system does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database. Version 7.x is affected.

A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will exploit a flaw in the Form API to take actions on the target interface (i.e., upload files) acting as the target user.

A remote authenticated user that does not have the "access content" permission can view node titles on a menu on the target system.

Regis Leroy, Kay Leung (Drupal core JavaScript maintainer), Samuel Mortenson, Pere Orga of the Drupal Security Team, Alex Bronstein of the Drupal Security Team, Carl Sabottke, Abdullah Hussam, and David_Rothstein of the Drupal Security Team reported these vulnerabilities.

Impact:   A remote user can take actions on the target system acting as the target authenticated user.

A remote authenticated user can obtain potentially sensitive information on the target system.

A remote authenticated user can execute SQL commands on the underlying database.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Drupal software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a fix (6.37, 7.39).

The vendor's advisory is available at:

https://www.drupal.org/SA-CORE-2015-003

Vendor URL:  www.drupal.org/SA-CORE-2015-003 (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.