Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA1007] DSA-1007-1 drupal Vulnerability Scan

Vulnerability Scan Summary
DSA-1007-1 drupal

Detailed Explanation for this Vulnerability Test

The Drupal Security Team discovered several vulnerabilities in Drupal,
a fully-featured content management and discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
Due to missing input sanitising a remote attacker could inject
headers of outgoing e-mail messages and use Drupal as a spam
Missing input sanity checks allows attackers to inject arbitrary
web script or HTML.
Menu items created with the menu.module lacked access control,
which might allow remote attackers to access administrator pages.
Markus Petrux discovered a bug in the session fixation which may
allow remote attackers to gain Drupal user rights.
The old stable distribution (woody) does not contain Drupal packages.
For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-6.
For the unstable distribution (sid) these problems have been fixed in
version 4.5.8-1.
We recommend that you upgrade your drupal package.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.