Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.812775 |
Categoría: | Web application abuses |
Título: | Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Windows |
Resumen: | Drupal is prone to multiple vulnerabilities. |
Descripción: | Summary: Drupal is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An improper access restriction for sensitive contents via 'Comment reply form'. - 'Drupal.checkPlain' JavaScript function does not correctly handle all methods of injecting malicious HTML. - Private file access check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it. - A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. - Language fallback can be incorrect on multilingual sites with node access restrictions. - An error in 'Settings Tray module'. - An external link injection vulnerability when the language switcher block is used. Vulnerability Impact: Successful exploitation will allow remote attackers to trick users into unwillingly navigating to an external site, update certain data that they do not have the permissions for, execute arbitrary script and gain extra privileges. Affected Software/OS: Drupal core version 8.x versions prior to 8.4.5 and 7.x versions prior to 7.57. Solution: Update to version 8.4.5 or 7.57 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-6926 Common Vulnerability Exposure (CVE) ID: CVE-2017-6927 BugTraq ID: 103138 http://www.securityfocus.com/bid/103138 Debian Security Information: DSA-4123 (Google Search) https://www.debian.org/security/2018/dsa-4123 https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2017-6928 Common Vulnerability Exposure (CVE) ID: CVE-2017-6929 Common Vulnerability Exposure (CVE) ID: CVE-2017-6930 Common Vulnerability Exposure (CVE) ID: CVE-2017-6931 Common Vulnerability Exposure (CVE) ID: CVE-2017-6932 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |