J-Security Center

Title: Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities

Severity: HIGH

Description:

Drupal is an open-source content management system that runs on a number of platforms, including Microsoft Windows and UNIX/Linux variants.

Drupal is prone to multiple remote vulnerabilities:

- A cross-site request-forgery issue affects the user-deletion form, which does not follow Drupal's standard form-submission model (the form API). Forms that follow this model carry a session-bound token that a third-party page cannot read or compute, so they are not prone to this kind of vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions within the application, such as deleting user accounts.

- An HTTP response-splitting issue occurs because, in some circumstances, the application fails to sanitize user-supplied data before placing it in HTTP headers. A remote attacker may inject arbitrary HTTP headers by including CRLF sequences in the affected parameters of HTTP POST requests, for example to set cookies or to supply a second response body that intermediate caches and browsers may treat as the site's own content.

- An HTML-injection issue occurs because the upload module permits users to upload HTML files without neutralizing their content. Because uploaded files are served back from the site, script contained in such a file runs in the site's context when another user views it.

- A vulnerability that may allow an attacker to mail unpublished comments occurs because the application fails to pass the publish status of comments to the comment hook (hook_comment). Modules that act on new comments, such as Organic groups or Subscriptions, may therefore mail out comments that have not been published.

- An arbitrary-code-execution issue occurs in the Drupal installer. When the site's configured database is unreachable, the installer becomes reachable again and allows a remote attacker to supply database credentials of their choosing; the installation that follows lets the attacker execute arbitrary code within the context of the affected web server. The installer was introduced in Drupal 5.0, so this issue affects only the 5.x branch. Because the installer is needed only once, removing or restricting access to install.php after deployment limits exposure independently of the fix.
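The following is an added example, not code from Drupal or from the advisory, showing why the user-deletion form was forgeable and how a session-bound token of the kind Drupal's form API uses closes the hole. The names delete_user_vulnerable(), delete_user_hardened(), csrf_token() and the placeholder user_delete() are assumptions for illustration; $private_key stands for a per-site secret and $session_id for the victim's session identifier.

```php
<?php
// Added example (not Drupal's own code). Placeholder for the real deletion
// routine: it only reports what would have happened.
function user_delete(int $uid): string {
    return "user $uid deleted";
}

// Vulnerable pattern: any request carrying uid and confirm is honoured.
// A page the administrator visits can embed
//   <img src="http://site.example/user/123/delete?confirm=1">
// and the browser attaches the administrator's session cookie automatically.
function delete_user_vulnerable(array $request): string {
    if (!empty($request['confirm'])) {
        return user_delete((int) $request['uid']);
    }
    return 'not confirmed';
}

// Hardened pattern: the form embeds a token derived from the session and a
// site secret. An attacker's page can neither read nor compute it.
function csrf_token(string $value, string $session_id, string $private_key): string {
    return hash_hmac('sha256', $value . $session_id, $private_key);
}

function delete_user_hardened(array $request, string $session_id, string $private_key): string {
    $expected = csrf_token('user_delete_' . (int) $request['uid'], $session_id, $private_key);
    // hash_equals() compares in constant time, so the check leaks no timing.
    if (empty($request['form_token']) || !hash_equals($expected, (string) $request['form_token'])) {
        return 'rejected: missing or invalid form token';
    }
    if (!empty($request['confirm'])) {
        return user_delete((int) $request['uid']);
    }
    return 'not confirmed';
}

// Constructed demonstration values (assumptions, not real data).
$session_id  = 'abc123sessionid';
$private_key = bin2hex(random_bytes(16));

// Forged request: the attacker knows the uid and can set confirm, but has no token.
$forged = ['uid' => 123, 'confirm' => 1];
echo "vulnerable handler, forged request: ", delete_user_vulnerable($forged), "\n";
echo "hardened handler, forged request:   ", delete_user_hardened($forged, $session_id, $private_key), "\n";

// Legitimate request: the form rendered to the administrator carried the token.
$legit = $forged + ['form_token' => csrf_token('user_delete_123', $session_id, $private_key)];
echo "hardened handler, legitimate form:  ", delete_user_hardened($legit, $session_id, $private_key), "\n";
```

The token is bound to both the session and the specific action ('user_delete_123'), so a token captured for one form cannot be replayed against another, and it is checked before the confirmation flag is even consulted.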

An attacker may exploit these vulnerabilities to:

- Perform actions with a victim's active session, such as deleting user accounts.
- Influence or misrepresent how web content is served, cached, or interpreted.
- Execute arbitrary code within the context of the web server process.
- Steal cookie-based authentication credentials, allowing the attacker to launch other attacks.
- Obtain the text of unpublished comments through modules that mail them out.
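As an added example (not Drupal's code), the response-splitting issue above reduces to a redirect helper that copies a request parameter into a header. The functions redirect_header_vulnerable() and redirect_header_hardened() and the constructed $payload are assumptions for illustration; they return the header text instead of sending it so the effect is visible on the command line.

```php
<?php
// Added example (not Drupal's own code). The parameter is assumed to arrive
// already URL-decoded, as $_POST values do, so %0d%0a has become a real CRLF.

// Vulnerable: the raw parameter is concatenated into the header. The CRLF in
// the payload ends the Location header and starts attacker-chosen headers
// and a body, which a cache or browser may interpret as the site's response.
function redirect_header_vulnerable(string $destination): string {
    return 'Location: ' . $destination;
}

// Hardened: refuse any CR or LF, and (conservatively) a still-encoded CRLF,
// since some front-ends decode a second time before the header is emitted.
function redirect_header_hardened(string $destination): string {
    if (preg_match('/[\r\n]/', $destination) || preg_match('/%0[ad]/i', $destination)) {
        throw new InvalidArgumentException('CR/LF in redirect target');
    }
    return 'Location: ' . $destination;
}

// Constructed attacker input (assumption): a cookie-setting header followed
// by a blank line and a script body.
$payload = "/node/1\r\nSet-Cookie: session=attacker\r\n\r\n<script>alert(1)</script>";

echo "Vulnerable helper emits:\n", redirect_header_vulnerable($payload), "\n\n";

try {
    echo redirect_header_hardened($payload), "\n";
} catch (InvalidArgumentException $e) {
    echo "Hardened helper rejects the payload: ", $e->getMessage(), "\n";
}

// A normal destination passes through unchanged.
echo redirect_header_hardened('/node/1'), "\n";
```

PHP's own header() function has refused values containing a newline since 5.1.2, so the remaining exposure is code that assembles raw headers or cookie values itself, which is exactly where a check like the one above belongs.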

Affected Products:

  • Drupal Drupal 4.7.0
  • Drupal Drupal 4.7.1
  • Drupal Drupal 4.7.3
  • Drupal Drupal 4.7.4
  • Drupal Drupal 4.7.5
  • Drupal Drupal 4.7.6
  • Drupal Drupal 4.7.7
  • Drupal Drupal 5.0
  • Drupal Drupal 5.1
  • Drupal Drupal 5.2
  • RedHat Fedora 7
  • vbDrupal vbDrupal 4.7.5
  • vbDrupal vbDrupal 4.7.6

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.