Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA958] DSA-958-1 drupal

Vulnerability Assessment Details

[DSA958] DSA-958-1 drupal
Vulnerability Assessment Summary
DSA-958-1 drupal

Detailed Explanation for this Vulnerability Assessment

Several security related problems have been discovered in drupal, a
fully-featured content management/discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:
Several cross-site scripting vulnerabilities permit remote
attackers to inject arbitrary web script or HTML.
When running on PHP5, Drupal does not correctly enforce user
rights, which permits remote attackers to bypass the "access
user profiles" permission.
An interpretation conflict permits remote authenticated users to
inject arbitrary web script or HTML via HTML in a file with a GIF
or JPEG file extension.
The old stable distribution (woody) does not contain drupal packages.
For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-5.
For the unstable distribution (sid) these problems have been fixed in
version 4.5.6-1.
We recommend that you upgrade your drupal package.


Solution : http://www.debian.org/security/2006/dsa-958
Network Security Threat Level: High

Networks Security ID: 15663, 15674, 15677

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi
Cables, Connectors


Dell Poweredge R640 Server | 2x Silver 4114 | 64GB | H730P | 2x HDD Trays picture

Dell Poweredge R640 Server | 2x Silver 4114 | 64GB | H730P | 2x HDD Trays

$1539.00


Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD picture

Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD

$389.99


Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB picture

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB

$510.00


Dell PowerEdge R730, 2 sinks, SystemBoard, 8 trays,H330,Idrac 8 exp, 2x750w Psu picture

Dell PowerEdge R730, 2 sinks, SystemBoard, 8 trays,H330,Idrac 8 exp, 2x750w Psu

$135.00


DELL PowerEdge R630 8SFF Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45 picture

DELL PowerEdge R630 8SFF Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45

$254.00


Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox picture

Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox

$360.00


DELL POWEREDGE T430 SERVER W/ DUAL XEON E5-2609 CPU & 16GB MEMORY picture

DELL POWEREDGE T430 SERVER W/ DUAL XEON E5-2609 CPU & 16GB MEMORY

$329.00


Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM DDR3 NO HDs picture

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM DDR3 NO HDs

$250.00


CTO Dell PowerEdge R630 Server, 2x Xeon E5-2620V4, 64GB- 512GB RAM, 480GB SSDs picture

CTO Dell PowerEdge R630 Server, 2x Xeon E5-2620V4, 64GB- 512GB RAM, 480GB SSDs

$320.00


Dell R730XD 12LFF 2SFF 2x E5-2690v4 28C 128GB H730 12xTrays iDRAC ENT RJ-45 10G picture

Dell R730XD 12LFF 2SFF 2x E5-2690v4 28C 128GB H730 12xTrays iDRAC ENT RJ-45 10G

$670.00


Discussions

No Discussions have been posted on this vulnerability.