Drupal 7.x < 7.38 Multiple Vulnerabilities

medium Nessus Plugin ID 84292

Synopsis

The remote web server is running a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server is running a version of Drupal that is 7.x prior to 7.38. It is, therefore, potentially affected by the following vulnerabilities :

- An open redirect vulnerability exists due to improper validation of user-supplied input to the 'destinations' parameter in the Field UI module. A remote attacker can exploit this issue, via a specially crafted URL, to redirect users to a third-party website. (CVE-2015-3231)

- An open redirect vulnerability exists due to improper validation of URLs prior displaying their contents via the Overlay module on administrative pages.
(CVE-2015-3232)

- An information disclosure vulnerability exists due to a flaw in the render cache system. An attacker can exploit this flaw to view private content of arbitrary users.
(CVE-2015-3233)

- A security bypass vulnerability exists due to a flaw in the OpenID module. A remote attacker can exploit this flaw to log in as other users, including administrators.
Note that victims must have an existing OpenID account from a particular set of OpenID providers including, but not limited to, Verisign, LiveJournal, or StackExchange. (CVE-2015-3234)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Drupal version 7.38 or later.

See Also

https://www.drupal.org/SA-CORE-2015-002

https://www.drupal.org/drupal-7.38-release-notes

Plugin Details

Severity: Medium

ID: 84292

File Name: drupal_7_38.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 6/19/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2015-3233

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/Drupal

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2015

Vulnerability Publication Date: 6/17/2015

Reference Information

CVE: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234

BID: 75284, 75286, 75287, 75294