This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Drupal Security Team reports :
Multiple vulnerabilities were fixed in the supported Drupal core
versions 6 and 7.
- Multiple vulnerabilities due to optimistic cross-site request
forgery protection (Form API validation - Drupal 6 and 7)
- Multiple vulnerabilities due to weakness in pseudorandom number
generation using mt_rand() (Form API, OpenID and random password
generation - Drupal 6 and 7)
- Code execution prevention (Files directory .htaccess for Apache -
Drupal 6 and 7)
- Access bypass (Security token validation - Drupal 6 and 7)
- Cross-site scripting (Image module - Drupal 7)
- Cross-site scripting (Color module - Drupal 7)
- Open redirect (Overlay module - Drupal 7)
See also :
Update the affected packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now