Executive Summary



This alert is flagged as involving weaknesses from the CWE/SANS Top 25 Common Weakness Enumeration list.
Information

Name: MDVSA-2015:181
First vendor Publication: 2015-03-30
Vendor: Mandriva
Last vendor Modification: 2015-03-30
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score: 7.5
CVSS Impact Score: 6.4
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Updated drupal packages fix security vulnerabilities:

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint.

An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) (CVE-2014-9016).

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix this issue and other bugs. See the upstream advisory and release notes for more details.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:181

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-601 URL Redirection to Untrusted Site ('Open Redirect') (CWE/SANS Top 25)
20 % CWE-264 Permissions, Privileges, and Access Controls
20 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
10 % CWE-284 Access Control (Authorization) Issues
10 % CWE-200 Information Exposure
10 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
10 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:24560
Title: DSA-2914-1 drupal6 - security update
Description: An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
Family: unix
Class: patch
Reference(s): DSA-2914-1, CVE-2014-2983
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): drupal6

Oval ID: oval:org.mitre.oval:def:27030
Title: DSA-3051-1 drupal7 - security update
Description: Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
Family: unix
Class: patch
Reference(s): DSA-3051-1, CVE-2014-3704
Version: 3
Platform(s): Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
Product(s): drupal7

Oval ID: oval:org.mitre.oval:def:28341
Title: DSA-3075-1 -- drupal7 security update
Description: Two vulnerabilities were discovered in Drupal, a fully-featured content management framework.
Family: unix
Class: patch
Reference(s): DSA-3075-1, CVE-2014-9015, CVE-2014-9016
Version: 3
Platform(s): Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
Product(s): drupal7

CPE : Common Platform Enumeration

Type Description Count
Application 209
Application 1
Os 4

ExploitDB Exploits

id Description
2014-10-17 Drupal Core <= 7.32 - SQL Injection (PHP)
2014-10-17 Drupal Core <= 7.32 - SQL Injection (#2)

Snort® IPS/IDS

Date Description
2014-12-02 Drupal 7 pre auth injection attempt
RuleID : 32353 - Revision : 5 - Type : SQL

Nessus® Vulnerability Scanner

Date Description
2015-03-31 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-181.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3200.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote web server is running a PHP application that is affected by multip...
File : drupal_7_35.nasl - Type : ACT_GATHER_INFO
2015-01-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5e1351788aeb11e4801f0022156e8794.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15630.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15583.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15528.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15522.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15519.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-15515.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote web server is running a PHP application that is affected by multip...
File : drupal_7_34.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3075.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12934.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13053.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13030.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6f825fa4556011e4a4c300a0986f28c4.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3051.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote web server is running a PHP application that is affected by a SQL ...
File : drupal_7_core_sqli.nasl - Type : ACT_ATTACK
2014-10-16 Name : The remote web server is running a PHP application that is affected by a SQL ...
File : drupal_7_32.nasl - Type : ACT_GATHER_INFO
2014-07-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8515.nasl - Type : ACT_GATHER_INFO
2014-07-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8485.nasl - Type : ACT_GATHER_INFO
2014-07-21 Name : The remote web server is running a PHP application that is affected by multip...
File : drupal_7_29.nasl - Type : ACT_GATHER_INFO
2014-07-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2983.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2914.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2913.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote web server is running a PHP application that is affected by an inf...
File : drupal_6_31.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote web server is running a PHP application that is affected by an inf...
File : drupal_7_27.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2017-09-27 12:06:47
  • Multiple Updates
2015-04-02 13:28:08
  • Multiple Updates
2015-03-30 17:24:58
  • First insertion