FreeBSD : drupal -- XSS (register_globals) (f0fa19dd-c060-11dc-982e-001372fd0af2)

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Drupal Project reports :

When theme .tpl.php files are accessible via the web and the PHP
setting register_globals is set to enabled, anonymous users are able
to execute cross site scripting attacks via specially crafted links.

Drupal's .htaccess attempts to set register_globals to disabled and
also prevents access to .tpl.php files. Only when both these measures
are not effective and your PHP interpreter is configured with
register_globals set to enabled, will this issue affect you.

See also :

http://drupal.org/node/208565
http://www.nessus.org/u?761caa1a

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29952 (freebsd_pkg_f0fa19ddc06011dc982e001372fd0af2.nasl)

Bugtraq ID:

CVE ID: CVE-2008-0274
