Drupal 6.x < 6.32 / 7.x < 7.29 Multiple Vulnerabilities

medium Nessus Plugin ID 76619

Synopsis

The remote web server is running a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server is running a version of Drupal that is 6.x prior to 6.32 or 7.x prior to 7.29. It is, therefore, potentially affected by the following vulnerabilities:

- Drupal core's multisite feature, which uses the HTTP Host header to determine which configuration file to load, does not properly validate header values, which may result in a denial of service. This may also affect sites that do not use the multisite feature. (CVE-2014-5019)

- The File module in Drupal 7.x does not properly check file permissions when creating attachments. This may allow attackers to gain access to arbitrary files. (CVE-2014-5020)

- The form API does not properly sanitize option group labels in select elements, which may allow unspecified cross-site scripting attacks. (CVE-2014-5021)

- Forms containing a combination of an Ajax-enabled text field and a file field may contain an unspecified cross-site scripting vulnerability. (CVE-2014-5022)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 6.32 / 7.29 or later.

See Also

https://www.drupal.org/SA-CORE-2014-003

https://www.drupal.org/drupal-7.29-release-notes

https://www.drupal.org/project/drupal/releases/6.32

Plugin Details

Severity: Medium

ID: 76619

File Name: drupal_7_29.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 7/21/2014

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2014-5020

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/Drupal

Exploit Ease: No known exploits are available

Patch Publication Date: 7/16/2014

Vulnerability Publication Date: 7/16/2014

Reference Information

CVE: CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022

BID: 68706

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990