Executive Summary
Summary | |
---|---|
Title | drupal6 security update |
Information | |||
---|---|---|---|
Name | DSA-2776 | First vendor Publication | 2013-10-11 |
Vendor | Debian | Last vendor Modification | 2013-10-11 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery. For the oldstable distribution (squeeze), these problems have been fixed in version 6.28-1. For the stable distribution (wheezy), these problems have already been fixed in the drupal7 package. For the unstable distribution (sid), these problems have already been fixed in the drupal7 package. We recommend that you upgrade your drupal6 packages. |
Original Source
Url : http://www.debian.org/security/2013/dsa-2776 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-264 | Permissions, Privileges, and Access Controls |
29 % | CWE-200 | Information Exposure |
14 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
14 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
14 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19807 | |||
Oval ID: | oval:org.mitre.oval:def:19807 | ||
Title: | DSA-2776-1 drupal6 - several | ||
Description: | Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2776-1 CVE-2012-0825 CVE-2012-0826 CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 CVE-2013-0244 CVE-2013-0245 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | drupal6 |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : FreeBSD Ports: drupal6 File : nvt/freebsd_drupal61.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2776.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-074.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote web server is running a PHP application that is affected by multip... File : drupal_6_28.nasl - Type : ACT_GATHER_INFO |
2013-01-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20746.nasl - Type : ACT_GATHER_INFO |
2013-01-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20766.nasl - Type : ACT_GATHER_INFO |
2013-01-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20794.nasl - Type : ACT_GATHER_INFO |
2012-12-21 | Name : The remote web server is running a PHP application that is affected by multip... File : drupal_6_27.nasl - Type : ACT_GATHER_INFO |
2012-02-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_10720fe851e011e191c100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:32:14 | |
2014-01-19 21:34:40 | |
2013-10-29 21:22:56 | |
2013-10-29 13:21:54 | |
2013-10-11 17:18:49 | |