Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.702851 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 2851-1 (drupal6 - impersonation) |
Zusammenfassung: | Christian Mainka and Vladislav Mladenov reported a vulnerability in the;OpenID module of Drupal, a fully-featured content management framework.;A malicious user could exploit this flaw to log in as other users on the;site, including administrators, and hijack their accounts.;;These fixes require extra updates to the database which can be done from;the administration pages. |
Beschreibung: | Summary: Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require extra updates to the database which can be done from the administration pages. Affected Software/OS: drupal6 on Debian Linux Solution: For the oldstable distribution (squeeze), this problem has been fixed in version 6.30-1. We recommend that you upgrade your drupal6 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1475 BugTraq ID: 64973 http://www.securityfocus.com/bid/64973 Debian Security Information: DSA-2847 (Google Search) http://www.debian.org/security/2014/dsa-2847 Debian Security Information: DSA-2851 (Google Search) http://www.debian.org/security/2014/dsa-2851 http://www.mandriva.com/security/advisories?name=MDVSA-2014:031 http://secunia.com/advisories/56260 http://secunia.com/advisories/56601 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |