Title: Drupal Remote Vulnerabilities
Severity: HIGH
Description:
Drupal is a PHP-based content manager.
Drupal is prone to multiple vulnerabilities:
1. An arbitrary-file-upload vulnerability occurs because Drupal's private filesystem fails to sufficiently validate the MIME type sent by the browser. Attackers can upload and execute arbitrary script code on an affected computer with the privileges of the webserver process.
2. An arbitrary-file-upload vulnerability occurs in the BlogAPI module because the software fails to validate the extensions of uploaded files. Attackers can upload and execute arbitrary script code on an affected computer with the privileges of the webserver process.
3. A cross-site scripting vulnerability occurs because of a bug in Drupal's output filter. Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
4. Cross-site request-forgery tokens may not be validated properly for cached forms or for forms containing 'AHAH' elements.
5. A cross-site request-forgery vulnerability may allow attackers to add or delete access control rules on the attacker's behalf using a victim's currently active session by tricking the victim into following a specially crafted HTTP request.
6. A privilege-escalation vulnerability resides in Drupal's Upload module. Users with permissions to upload files may leverage this issue to edit protected nodes, delete any file the webserver has access to, and download attachments of protected nodes.
These issues affect Drupal 5.x (before 5.10) and Drupal 6.x (before 6.4).
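Items 1 and 2 share a root cause: an upload check that trusts the MIME type the browser sends, or that never looks at the file extension. The PHP below is an added illustration, not Drupal's code, showing that weak pattern beside a hardened one; the function names, the $private_dir location (assumed to be outside the document root) and the allowed-type list are assumptions for the example.

```php
<?php
// Added example, not Drupal code. Shows the root causes in items 1 and 2.

// Weak pattern (assumed shape, not Drupal's actual code): the only check is
// $_FILES[...]['type'], a header the client controls, and the client's file
// name is reused as-is.
function accept_upload_insecure(array $file, string $dest_dir): bool {
    if (!in_array($file['type'], ['image/png', 'image/jpeg'], true)) {
        return false;
    }
    // A file named "shell.php" sent with Content-Type: image/png passes and
    // is stored under its original name; if $dest_dir is web-served, the
    // webserver will execute it.
    return move_uploaded_file($file['tmp_name'], $dest_dir . '/' . $file['name']);
}

// Hardened version: extension allowlist, server-side content sniffing,
// server-chosen file name, non-executable mode, storage outside the webroot.
function accept_upload_secure(array $file, string $private_dir): ?string {
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Only the final extension is considered, and it must be on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // Derive the type from the bytes on disk, never from $file['type'].
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($sniffed !== $allowed[$ext]) {
        return null;
    }
    // Random server-chosen name with the validated extension; no client path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($private_dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    chmod($target, 0640); // readable by the app, not executable
    return $name;
}
```

Files stored this way should be served back through a script that sets Content-Type from the validated extension, so the webserver never interprets them.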
Affected Products:
- Drupal Drupal 5.0
- Drupal Drupal 5.1
- Drupal Drupal 5.2
- Drupal Drupal 5.3
- Drupal Drupal 5.4
- Drupal Drupal 5.5
- Drupal Drupal 5.6
- Drupal Drupal 5.7
- Drupal Drupal 5.8
- Drupal Drupal 5.9
- Drupal Drupal 6.0
- Drupal Drupal 6.1
- Drupal Drupal 6.2
- Drupal Drupal 6.3
- RedHat Fedora 8
- RedHat Fedora 9
- vbDrupal vbDrupal 5.9.0
References:
- Drupal: Drupal Homepage
- Drupal: SA-2008-047 - Drupal core - Multiple vulnerabilities
- vbDrupal: vbDrupal Homepage
- vbDrupal: vbDrupal Release Notes
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.