Drupal 7.x < 7.24 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9727

Synopsis

The remote server is hosting an outdated installation of Drupal that is vulnerable to multiple attack vectors.

Description

The version of Drupal installed on the remote server is 7.x prior to 7.24, and is affected by the following vulnerabilities:

- A flaw exists in unspecified configurations for Apache Web Servers that can cause the .htaccess file that would normally protect against code execution to be ignored. This may allow a remote attacker to more easily execute code on a system that is vulnerable to malicious file uploads.
- A flaw exists in the 'drupal_valid_token()' function: it returns TRUE for invalid security tokens if the caller fails to ensure that the token is a string. This may allow a remote attacker to bypass security token validation.
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the image field description in the image module. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
- A flaw exists that allows a reflected XSS attack. This flaw exists because the application does not validate certain unspecified input related to the color module before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
- A flaw exists in the overlay module, which fails to sanitize URLs before administrative pages are layered over current pages instead of replacing them. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
- A flaw exists in the form API that is due to the program failing to properly implement CSRF protection when a third-party module uses form validation callbacks with potentially unsafe operations. This may allow a context-dependent attacker to bypass protections against CSRF attacks.

Solution

Upgrade to Drupal 7.24 or later.

See Also

https://drupal.org/SA-CORE-2013-003

Plugin Details

Severity: Medium

ID: 9727

Family: CGI

Published: 10/28/2016

Updated: 3/6/2019

Nessus ID: 71098, 71101, 71144, 71145, 71148, 71358, 71404, 71408, 71764

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Patch Publication Date: 11/20/2013

Vulnerability Publication Date: 11/21/2013

Reference Information

CVE: CVE-2013-6385, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389

BID: 63837, 63843, 63845, 63847, 63848, 63849