FrSIRT - Drupal Cross Site Scripting and Information Disclosure Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Drupal Cross Site Scripting and Information Disclosure Vulnerabilities

Title : Drupal Cross Site Scripting and Information Disclosure Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3546
CVE ID : CVE-2007-5593 - CVE-2007-5594 - CVE-2007-5595 - CVE-2007-5596 - CVE-2007-5597
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-19

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Drupal, which could be exploited to gain knowledge of sensitive information, or conduct cross site scripting, SQL Injection and HTTP response splitting attacks.

The first issue is caused by unspecified input validation errors when processing user-supplied data, which could be exploited by attackers to inject arbitrary HTTP headers.

The second vulnerability is caused by an input validation error in the Upload module when displaying ".html" files, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

The third issue is caused by an error in the "comment_save()" function within the Comments module where the publication status of comments is not passed during the "hook_comments" API operation, which could cause various modules that rely on the publication status (e.g. Organic groups or Subscriptions) to send emails containing unpublished comments.

The fourth issue is caused by an input validation error in the "install.php" script, which could be exploited to conduct SQL Injection attacks.

The fifth issue is caused by an error when handling HTTP requests, which could be exploited to conduct cross-site request forgery attacks.

Credits

Vulnerabilities reported by the vendor, Mark Fallon, Wolfgang Ziegler, Stefan Esser and Mayflower.

ChangeLog

2007-10-19 : Initial release
2007-10-24 : Updated Description

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities