Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA958] DSA-958-1 drupal Vulnerability Scan

Vulnerability Scan Summary
DSA-958-1 drupal

Detailed Explanation for this Vulnerability Test

Several security related problems have been discovered in drupal, a
fully-featured content management/discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
Several cross-site scripting vulnerabilities allow remote
attackers to inject arbitrary web script or HTML.
When running on PHP5, Drupal does not correctly enforce user
rights, which allows remote attackers to bypass the "access
user profiles" permission.
An interpretation conflict allows remote authenticated users to
inject arbitrary web script or HTML via HTML in a file with a GIF
or JPEG file extension.
The old stable distribution (woody) does not contain drupal packages.
For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-5.
For the unstable distribution (sid) these problems have been fixed in
version 4.5.6-1.
We recommend that you upgrade your drupal package.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.