oval:org.mitre.oval:def:13660

Definition Id: oval:org.mitre.oval:def:13660
 
Oval ID: oval:org.mitre.oval:def:13660
Title: DSA-1930-1 drupal6 -- several vulnerabilities
Description: Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for a user to inject arbitrary code via a crafted user signature. CVE-2009-2373 Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site scripting issue in the forum module, which could be exploited via the tid parameter. CVE-2009-2374 Sumit Datta discovered that certain drupal6 pages leak sensible information such as user credentials. Several design flaws in the OpenID module have been fixed, which could lead to cross-site request forgeries or privilege escalations. Also, the file upload function does not process all extensions properly leading to the possible execution of arbitrary code. For the stable distribution, these problems have been fixed in version 6.6-3lenny3. The oldstable distribution does not contain drupal6. For the testing distribution and the unstable distribution, these problems have been fixed in version 6.14-1. We recommend that you upgrade your drupal6 packages.
Family: unix Class: patch
Reference(s): DSA-1930-1
CVE-2009-2372
CVE-2009-2373
CVE-2009-2374
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): drupal6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13660