Executive Summary
Information | | | |
---|---|---|---|
Name | MDVSA-2015:181 | First vendor Publication | 2015-03-30 |
Vendor | Mandriva | Last vendor Modification | 2015-03-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
CVSS vector: N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
CVSS Base Score | 7.5 | Attack Range | Network |
CVSS Impact Score | 6.4 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Updated drupal packages fix security vulnerabilities:

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues exist in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint.

An SQL injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) (CVE-2014-9016).

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix these issues and other bugs. See the upstream advisory and release notes for more details.
Original Source
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2015:181
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
20 % | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') (CWE/SANS Top 25) |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
10 % | CWE-284 | Access Control (Authorization) Issues |
10 % | CWE-200 | Information Exposure |
10 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
10 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24560 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:24560 | | |
Title: | DSA-2914-1 drupal6 - security update | | |
Description: | An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time. | | |
Family: | unix | Class: | patch |
Reference(s): | DSA-2914-1, CVE-2014-2983 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 | Product(s): | drupal6 |
Definition Id: oval:org.mitre.oval:def:27030 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:27030 | | |
Title: | DSA-3051-1 drupal7 - security update | | |
Description: | Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection. | | |
Family: | unix | Class: | patch |
Reference(s): | DSA-3051-1, CVE-2014-3704 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0 | Product(s): | drupal7 |
Definition Id: oval:org.mitre.oval:def:28341 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:28341 | | |
Title: | DSA-3075-1 -- drupal7 security update | | |
Description: | Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. | | |
Family: | unix | Class: | patch |
Reference(s): | DSA-3075-1, CVE-2014-9015, CVE-2014-9016 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0 | Product(s): | drupal7 |
ExploitDB Exploits
Date | Description |
---|---|
2014-10-17 | Drupal Core <= 7.32 - SQL Injection (PHP) |
2014-10-17 | Drupal Core <= 7.32 - SQL Injection (#2) |
Snort® IPS/IDS
Date | Description |
---|---|
2014-12-02 | Drupal 7 pre auth injection attempt RuleID : 32353 - Revision : 5 - Type : SQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-181.nasl - Type : ACT_GATHER_INFO |
2015-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3200.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote web server is running a PHP application that is affected by multip... File : drupal_7_35.nasl - Type : ACT_GATHER_INFO |
2015-01-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5e1351788aeb11e4801f0022156e8794.nasl - Type : ACT_GATHER_INFO |
2014-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15630.nasl - Type : ACT_GATHER_INFO |
2014-12-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15583.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15528.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15522.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15519.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-15515.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote web server is running a PHP application that is affected by multip... File : drupal_7_34.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3075.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12934.nasl - Type : ACT_GATHER_INFO |
2014-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13053.nasl - Type : ACT_GATHER_INFO |
2014-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13030.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6f825fa4556011e4a4c300a0986f28c4.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3051.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote web server is running a PHP application that is affected by a SQL ... File : drupal_7_core_sqli.nasl - Type : ACT_ATTACK |
2014-10-16 | Name : The remote web server is running a PHP application that is affected by a SQL ... File : drupal_7_32.nasl - Type : ACT_GATHER_INFO |
2014-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8515.nasl - Type : ACT_GATHER_INFO |
2014-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8485.nasl - Type : ACT_GATHER_INFO |
2014-07-21 | Name : The remote web server is running a PHP application that is affected by multip... File : drupal_7_29.nasl - Type : ACT_GATHER_INFO |
2014-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2983.nasl - Type : ACT_GATHER_INFO |
2014-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2914.nasl - Type : ACT_GATHER_INFO |
2014-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2913.nasl - Type : ACT_GATHER_INFO |
2014-04-21 | Name : The remote web server is running a PHP application that is affected by an inf... File : drupal_6_31.nasl - Type : ACT_GATHER_INFO |
2014-04-21 | Name : The remote web server is running a PHP application that is affected by an inf... File : drupal_7_27.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-09-27 12:06:47 | |
2015-04-02 13:28:08 | |
2015-03-30 17:24:58 | |