
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Windows

CVE-2016-3171, CVE-2016-3167, CVE-2016-3165, CVE-2016-3166

Severity
CVSSv3 Score: 8.1
Vulnerability description

Drupal is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- An error in session data truncation, which can lead to unserialization of user-provided data.
- The drupal_goto function improperly decodes the contents of $_REQUEST[destination] before using it.
- Form API ignores access restrictions on submit buttons.
- An error in the drupal_set_header function.

Successful exploitation will allow remote attackers to achieve remote code execution, initiate a redirect to an arbitrary external URL, bypass security restrictions and inject arbitrary HTTP headers.

Recommendation

Update to version 6.38 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 12, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available