Disclosure of sensitive data in Drupal

Posted: October 21, 2012 in Vulnerabilities
Tags: , , ,

Drupal logoVulnerability: Disclosure of sensitive data in Drupal

Danger: Low
If the Patch: Yes
Number of vulnerabilities: 1

Impact: Disclosure of sensitive data
Affected products: Drupal 7.x
Affected versions: Drupal version to 7.16.

Description:

The vulnerability allows a remote user to gain access to sensitive data on the system.

An error in the processing module OpenID malicious DOCTYPE. This can be exploited to disclose the contents of local files, trying to pass through a malicious OpenID authentication server.

Manufacturer : Drupal.org

Solution: Update to version 7.16 from the manufacturer.

links:

http://drupal.org/node/1815912

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s