Test ID: | 1.3.6.1.4.1.25623.1.0.800909 |
Category: | Web application abuses |
Title: | Drupal Information Disclosure Vulnerability |
Summary: | Drupal is prone to an information disclosure vulnerability. |
Description: |
Summary: Drupal is prone to an information disclosure vulnerability.
Vulnerability Insight: The application fails to sanitize login attempts for pages that contain a sortable table, so the username and password are included in the generated links. Those links can be read from the HTTP Referer header by external web sites visited from them or, when page caching is enabled, from the Drupal page cache.
Vulnerability Impact: Attackers can exploit this issue to obtain the credentials that are included in the generated links.
Affected Software/OS: Drupal Version 5.x before 5.19 and 6.x before 6.13 on all platforms.
Solution: Upgrade to Drupal 5.19 or 6.13 or later.
CVSS Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2374
http://osvdb.org/55524
http://secunia.com/advisories/35657
http://secunia.com/advisories/35681 |
Copyright | Copyright (C) 2009 Greenbone AG |