Test Kennung:	1.3.6.1.4.1.25623.1.0.811830
Kategorie:	Web application abuses
Titel:	Drupal Core Multiple Vulnerabilities (SA-CORE-2015-001) - Windows
Zusammenfassung:	Drupal is prone to multiple vulnerabilities.
Beschreibung:	Summary: Drupal is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An improper validation for 'destination' query string parameter in URLs to redirect users to a new destination after completing an action on the current page. - An improper implementation of several URL-related API functions. - An improper handling of Password reset URLs. Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to another user's account without knowing the account's password and also trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. Affected Software/OS: Drupal core 6.x versions prior to 6.35 and 7.x versions prior to 7.35 on Windows. Solution: Upgrade to Drupal core version 6.35 or 7.35 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	BugTraq ID: 73219 BugTraq ID: 73403 Common Vulnerability Exposure (CVE) ID: CVE-2015-2750 http://www.securityfocus.com/bid/73219 Debian Security Information: DSA-3200 (Google Search) http://www.debian.org/security/2015/dsa-3200 http://www.openwall.com/lists/oss-security/2015/03/26/4 Common Vulnerability Exposure (CVE) ID: CVE-2015-2749 Common Vulnerability Exposure (CVE) ID: CVE-2015-2559
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.