Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703075 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3075-1 (drupal7 - security update) |
Zusammenfassung: | Two vulnerabilities were discovered in Drupal, a fully-featured content;management framework. The Common Vulnerabilities and Exposures project;identifies the following issues:;;CVE-2014-9015;Aaron Averill discovered that a specially crafted request can give a;user access to another user's session, allowing an attacker to;hijack a random session.;;CVE-2014-9016;Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered;that the password hashing API allows an attacker to send;specially crafted requests resulting in CPU and memory;exhaustion. This may lead to the site becoming unavailable or;unresponsive (denial of service).;;Custom configured session.inc and password.inc need to be audited as;well to verify if they are prone to these vulnerabilities. |
Beschreibung: | Summary: Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-9015 Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. CVE-2014-9016 Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service). Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to these vulnerabilities. Affected Software/OS: drupal7 on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 7.14-2+deb7u8. We recommend that you upgrade your drupal7 packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9015 Debian Security Information: DSA-3075 (Google Search) http://www.debian.org/security/2014/dsa-3075 http://www.openwall.com/lists/oss-security/2014/11/20/3 http://www.openwall.com/lists/oss-security/2014/11/20/21 http://secunia.com/advisories/59164 http://secunia.com/advisories/59814 Common Vulnerability Exposure (CVE) ID: CVE-2014-9016 https://www.drupal.org/node/2378367 http://www.openwall.com/lists/oss-security/2014/11/21/1 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |