FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)

high Nessus Plugin ID 71239

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Drupal Security Team reports:

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.

- Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7)

- Multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() (Form API, OpenID and random password generation - Drupal 6 and 7)

- Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)

- Access bypass (Security token validation - Drupal 6 and 7)

- Cross-site scripting (Image module - Drupal 7)

- Cross-site scripting (Color module - Drupal 7)

- Open redirect (Overlay module - Drupal 7)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9a366273

http://www.nessus.org/u?92f84455

Plugin Details

Severity: High

ID: 71239

File Name: freebsd_pkg_d96498165e0d11e38d233c970e169bc2.nasl

Version: 1.5

Type: local

Published: 12/6/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal6, p-cpe:/a:freebsd:freebsd:drupal7, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/6/2013

Vulnerability Publication Date: 11/20/2013