Test ID: | 1.3.6.1.4.1.25623.1.0.811830 |
Category: | Web application abuses |
Title: | Drupal Core Multiple Vulnerabilities (SA-CORE-2015-001) - Windows |
Summary: | Drupal is prone to multiple vulnerabilities. |
Description: |
Summary: Drupal is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- Improper validation of the 'destination' query string parameter in URLs, which is used to redirect users to a new destination after they complete an action on the current page.
- Improper implementation of several URL-related API functions.
- Improper handling of password reset URLs.

Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to another user's account without knowing the account's password, and to trick users into being redirected to a third-party website, thereby exposing them to potential social engineering attacks.

Affected Software/OS: Drupal core 6.x versions prior to 6.35 and 7.x versions prior to 7.35 on Windows.

Solution: Upgrade to Drupal core version 6.35 or 7.35 or later.

CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N |
Cross-reference: |
BugTraq ID: 73219
BugTraq ID: 73403
Common Vulnerability Exposure (CVE) ID: CVE-2015-2750
http://www.securityfocus.com/bid/73219
Debian Security Information: DSA-3200
http://www.debian.org/security/2015/dsa-3200
http://www.openwall.com/lists/oss-security/2015/03/26/4
Common Vulnerability Exposure (CVE) ID: CVE-2015-2749
Common Vulnerability Exposure (CVE) ID: CVE-2015-2559 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |