Drupal Project Issue Tracking Parameter Handling Security Bypass Vulnerability
BID:22867
Info
| Bugtraq ID: | 22867 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-1368 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | Gerhard Killesreiter is credited with the discovery of this vulnerability. |
| Vulnerable: | Drupal Project issue tracking 4.7 2.2; Drupal Project issue tracking 4.7 1.2; Drupal Project issue tracking 5.0-0.1; Drupal Project issue tracking 4.7.0-2.1; Drupal Project issue tracking 4.7.0-2.0; Drupal Project issue tracking 4.7.0-1.1; Drupal Project issue tracking 4.7.0-1.0 |
| Not Vulnerable: | Drupal Project issue tracking 5.0-0.2beta; Drupal Project issue tracking 4.7.0-2.3; Drupal Project issue tracking 4.7.0-1.3 |
Discussion
The Drupal project issue-tracking module is prone to a security-bypass vulnerability because of an access-validation error in the affected module.
An attacker can exploit this issue to bypass security restrictions and gain access to sensitive information that may lead to other attacks.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor released updates to address this issue. Please see the references for more information.
Drupal Project issue tracking 4.7.0-2.0
- Drupal project_issue-4.7.x-2.2.tar.gz
  http://ftp.osuosl.org/pub/drupal/files/projects/project_issue-4.7.x-2.2.tar.gz
Drupal Project issue tracking 4.7.0-2.1
- Drupal project_issue-4.7.x-2.2.tar.gz
  http://ftp.osuosl.org/pub/drupal/files/projects/project_issue-4.7.x-2.2.tar.gz
References
References:
- Drupal Chat Room 4.7.x-1.0 Release Information (Drupal)
- Drupal Chat Room Home Page (Drupal)
- Project issue tracking 4.7.x-1.3 Release Notes (Drupal)
- Vendor Homepage (Drupal)
- Drupal Security Advisory DRUPAL-SA-2006-030 (Drupal)