J-Security Center

Title: Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities

Severity: HIGH

Description:

Drupal is a web-based content manager.

The application is prone to these security issues:

1. A cross-site scripting vulnerability occurs because the application fails to sufficiently sanitize user-supplied input to the core Forum module and the third-party Advanced Forum module. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. A successful attack will allow arbitrary script code to run in the victim's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.

2. A vulnerability affects user signatures that may allow an attacker to inject and execute arbitrary script code on the affected site. If the PHP filter is enabled, the attacker may also be able to run arbitrary PHP code. The problem occurs when an administrator changes the input format for a comment. A user will no longer be able to edit the comment, but they will be able to edit the signature with the new input format. Note that this is a problem only if the new input filter is permissive. This issue affects the core Forum module and the third-party Advanced Forum module.

3. An information-disclosure weakness occurs because incorrect username and password information may be passed on to subsequent pages. The problem occurs if the current page contains a sortable table or if the victim is enticed to follow a malicious URI while the Drupal page cache is enabled. To exploit this issue, the attacker must wait for the victim to enter incorrect login information, which will then be passed on to the attacker. Information obtained may aid in further attacks.
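Defenders can look for traces of the third issue in web server access logs. The following is an added example, not part of the original advisory or of Drupal's code: it assumes the mistyped credentials surface as `name` and `pass` query parameters next to a table's `sort`/`order` parameters, and that logs use the combined format. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: login form fields are "name"/"pass"; sortable-table links
# carry "sort"/"order" query parameters.
LOGIN_FIELDS = {"name", "pass"}
SORT_FIELDS = {"sort", "order"}

# Apache/nginx "combined" access log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def leaked_fields(url):
    """Names of login fields in a URL that also carries table-sort params."""
    params = set(parse_qs(urlsplit(url).query, keep_blank_values=True))
    return sorted(params & LOGIN_FIELDS) if params & SORT_FIELDS else []

def scan(lines):
    """Return (ip, timestamp, where, fields); values are never reported."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        for where in ("url", "referer"):
            fields = leaked_fields(m.group(where))
            if fields:
                findings.append((m.group("ip"), m.group("ts"), where, fields))
    return findings

# Constructed sample log lines (not from a real system).
SAMPLE = [
    '192.0.2.10 - - [19/Nov/2009:10:00:01 +0000] "GET /forum?sort=asc&order=Topic '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [19/Nov/2009:10:00:07 +0000] "GET /forum?sort=asc&order=Topic'
    '&name=alice&pass=REDACTED HTTP/1.1" 200 5120 "http://cms.example/forum" "Mozilla/5.0"',
    '198.51.100.5 - - [19/Nov/2009:10:01:30 +0000] "GET /index.html HTTP/1.1" 200 300 '
    '"http://cms.example/forum?sort=desc&order=Replies&pass=REDACTED" "Mozilla/5.0"',
    '192.0.2.12 - - [19/Nov/2009:10:02:00 +0000] "GET /search?name=bob HTTP/1.1" '
    '200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit in the `referer` column means the URL carrying the login fields was sent to whichever server logged the request, so any password that appears there should be treated as exposed and changed.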

These issues affect the following:

Drupal 5.x (prior to 5.19)
Drupal 6.x (prior to 6.13)

Affected Products:

  • Drupal Advanced Forum 5.x-1.x-dev
  • Drupal Advanced Forum 6.x-1.x-dev
  • Drupal Advanced Forum 6.x-2.x-dev
  • Drupal Drupal 5.0
  • Drupal Drupal 5.1
  • Drupal Drupal 5.1 revision 1.1
  • Drupal Drupal 5.10
  • Drupal Drupal 5.11
  • Drupal Drupal 5.12
  • Drupal Drupal 5.13
  • Drupal Drupal 5.15
  • Drupal Drupal 5.16
  • Drupal Drupal 5.17
  • Drupal Drupal 5.18
  • Drupal Drupal 5.2
  • Drupal Drupal 5.3
  • Drupal Drupal 5.4
  • Drupal Drupal 5.5
  • Drupal Drupal 5.6
  • Drupal Drupal 5.7
  • Drupal Drupal 5.8
  • Drupal Drupal 5.9
  • Drupal Drupal 6.0
  • Drupal Drupal 6.1
  • Drupal Drupal 6.10
  • Drupal Drupal 6.11
  • Drupal Drupal 6.12
  • Drupal Drupal 6.2
  • Drupal Drupal 6.3
  • Drupal Drupal 6.4
  • Drupal Drupal 6.5
  • Drupal Drupal 6.6
  • Drupal Drupal 6.7
  • Drupal Drupal 6.9
  • RedHat Fedora 10
  • RedHat Fedora 11
  • RedHat Fedora 9
