Disclosure of sensitive data in Drupal

Posted: October 21, 2012 in Vulnerabilities
Tags: authentication server, Drupal, OpenID, vulnerability disclosure

Vulnerability: Disclosure of sensitive data in Drupal

Danger: Low
If the Patch: Yes
Number of vulnerabilities: 1

Impact: Disclosure of sensitive data
Affected products: Drupal 7.x
Affected versions: Drupal version to 7.16.

Description:

The vulnerability allows a remote user to gain access to sensitive data on the system.

An error in the processing module OpenID malicious DOCTYPE. This can be exploited to disclose the contents of local files, trying to pass through a malicious OpenID authentication server.

Manufacturer : Drupal.org

Solution: Update to version 7.16 from the manufacturer.

links:

http://drupal.org/node/1815912

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook