Vulnerability: CSRF attack in Drupal Heartbeat

Posted: September 7, 2012 in Encyclopedia viruses

Impact: Cross Site Scripting

Affected products:

– Drupal Heartbeat Module 6.x;
– Drupal Heartbeat Module 7.x

Affected versions:

– Drupal Heartbeat versions up to 6.x-4.12, possibly earlier;
– Drupal Heartbeat versions up to 7.x-1.1, possibly earlier

Description:

The vulnerability allows a remote attacker to conduct XSS attacks.

The vulnerability is caused by a lack of verification of the authenticity of HTTP requests when certain actions are performed. A remote user can carry out a CSRF attack and post a comment.
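The missing check described above is normally a per-session token on state-changing requests; Drupal 6 and 7 provide drupal_get_token() and drupal_valid_token() for this. The standalone PHP below is an added example, not Heartbeat's code or the vendor's fix: the handler names, the secret and the session id are hypothetical, constructed values.

```php
<?php
// Added example: hypothetical handler names, constructed sample values.

// Per-session, per-action token: HMAC over the action name, keyed with
// a server-side secret combined with the visitor's session id.
function action_token(string $action, string $sessionId, string $siteKey): string {
    return hash_hmac('sha256', $action, $sessionId . $siteKey);
}

// Constant-time comparison of the supplied token with the expected one.
function token_is_valid(string $supplied, string $action, string $sessionId, string $siteKey): bool {
    return hash_equals(action_token($action, $sessionId, $siteKey), $supplied);
}

// Before: any request that carries the session cookie is trusted.
function post_comment_unchecked(array $request, array &$comments): bool {
    $comments[] = $request['comment'];
    return true;
}

// After: POST only, and the request must carry a token bound to the session.
function post_comment_checked(array $request, string $sessionId, string $siteKey, array &$comments): bool {
    if (($request['method'] ?? '') !== 'POST') {
        return false;
    }
    $token = $request['token'] ?? '';
    if (!is_string($token) || !token_is_valid($token, 'post_comment', $sessionId, $siteKey)) {
        return false;
    }
    $comments[] = $request['comment'];
    return true;
}

// Constructed sample data.
$siteKey   = 'constructed-site-secret';
$sessionId = 'constructed-session-id';
$comments  = [];

// Cross-site request: the browser attaches the cookie, but the token is absent.
$forged = ['method' => 'POST', 'comment' => 'submitted from another site'];
// Same-site request: the form embedded the token when it was rendered.
$genuine = ['method' => 'POST', 'comment' => 'submitted from the real form',
            'token' => action_token('post_comment', $sessionId, $siteKey)];

var_dump(post_comment_unchecked($forged, $comments));
var_dump(post_comment_checked($forged, $sessionId, $siteKey, $comments));
var_dump(post_comment_checked($genuine, $sessionId, $siteKey, $comments));
```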

Vendor URL: http://drupal.org/project/heartbeat

Solution: Install the update from the vendor.

Links:

http://drupal.org/node/1775470
