Drupal Core Multiple Security Vulnerabilities
BID:51822
Info
Drupal Core Multiple Security Vulnerabilities
| Bugtraq ID: | 51822 |
| Class: | Unknown |
| CVE: |
CVE-2012-0826 CVE-2012-0825 CVE-2012-0827 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2012 12:00AM |
| Updated: | Oct 16 2013 02:04AM |
| Credit: | Dylan Tack, Rui Wang, Shuo Chen, Xiao Feng Wang, David Rothstein, and Sascha Grossenbacher. |
| Vulnerable: |
Drupal Drupal 7.6 Drupal Drupal 7.5 Drupal Drupal 7.4 Drupal Drupal 7.3 Drupal Drupal 7.2 Drupal Drupal 7.1 Drupal Drupal 7.0 Dev Drupal Drupal 7.0 Alpha7 Drupal Drupal 7.0 Alpha6 Drupal Drupal 7.0 Alpha5 Drupal Drupal 7.0 Alpha4 Drupal Drupal 7.0 Alpha3 Drupal Drupal 7.0 Alpha2 Drupal Drupal 7.0 Alpha1 Drupal Drupal 7.0 Drupal Drupal 6.9 Drupal Drupal 6.8 Drupal Drupal 6.7 Drupal Drupal 6.6 Drupal Drupal 6.5 Drupal Drupal 6.4 Drupal Drupal 6.3 Drupal Drupal 6.22 Drupal Drupal 6.22 Drupal Drupal 6.21 Drupal Drupal 6.21 Drupal Drupal 6.2 Drupal Drupal 6.18 Drupal Drupal 6.17 Drupal Drupal 6.16 Drupal Drupal 6.15 Drupal Drupal 6.15 Drupal Drupal 6.14 Drupal Drupal 6.13 Drupal Drupal 6.12 Drupal Drupal 6.11 Drupal Drupal 6.10 Drupal Drupal 6.1 Drupal Drupal 6.0 Rc4 Drupal Drupal 6.0 Rc3 Drupal Drupal 6.0 Rc2 Drupal Drupal 6.0 Rc1 Drupal Drupal 6.0 Dev Drupal Drupal 6.0 Beta4 Drupal Drupal 6.0 Beta3 Drupal Drupal 6.0 Beta2 Drupal Drupal 6.0 Beta1 Drupal Drupal 6.0 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
| Not Vulnerable: |
Drupal Drupal 7.11 Drupal Drupal 6.23 |
Discussion
Drupal Core Multiple Security Vulnerabilities
Drupal is prone to a cross-site request-forgery vulnerability, and multiple security-bypass vulnerabilities.
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
Attackers can exploit the security bypass issues to bypass security restrictions, obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Drupal is prone to a cross-site request-forgery vulnerability, and multiple security-bypass vulnerabilities.
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
Attackers can exploit the security bypass issues to bypass security restrictions, obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Exploit / POC
Drupal Core Multiple Security Vulnerabilities
Attackers can use a browser to exploit some of these issues. To exploit a cross-site request-forgery vulnerability attackers must entice an unsuspecting victim into following a malicious URI.
Attackers can use a browser to exploit some of these issues. To exploit a cross-site request-forgery vulnerability attackers must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Drupal Core Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
Drupal Core Multiple Security Vulnerabilities
References:
References:
- Drupal Homepage (Drupal)
- SA-CORE-2012-001 - Drupal core multiple vulnerabilities (Drupal)