This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Drupal development team reports :
The Overlay module in Drupal core displays administrative pages as a
the page in the browser window. The Overlay module does not
sufficiently validate URLs prior to displaying their contents, leading
to an open redirect vulnerability.
This vulnerability is mitigated by the fact that it can only be used
against site users who have the 'Access the administrative overlay'
permission, and that the Overlay module must be enabled.
An incomplete fix for this issue was released as part of
See also :
Update the affected package.
Risk factor :