Vulnerability: CSRF attack in Drupal Heartbeat

Posted: September 7, 2012 in Encyclopedia viruses
Tags: CSRF attack, Drupal, Drupal Heartbeat, it-security, XSS attacks

CSRF attack in Drupal Heartbeat

Impact: Cross Site Scripting

Affected products:

– Drupal Heartbeat Module 6.x;
– Drupal Heartbeat Module 7.x

Affected versions: Drupal Heartbeat version to 6.x-4.12, possibly earlier.

Drupal Heartbeat version to 7.x-1.1, maybe earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused due to the lack of authentication of HTTP requests when you perform some action. A remote user can perform CSRF attack and post a comment.

Manufacturer URL: http://drupal.org/project/heartbeat

Solution: Install the update from the manufacturer.

links:

http://drupal.org/node/1775470

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook