« Adiуs Blogger, Bienvenido Drupal (con dominio) Novedades y ultimas tecnologias Estas viendo el articulo especially debasing Adiуs Blogger, Bienvenido Drupal (con dominio)
Beginning PHP 6, Apache, MySQL 6 Web Development: A Masterpiece « Drupal Meister »

Stefan Beyer » [UNIX] Mehrere Schwachstellen im Web-Content-Management-System ‘Drupal’ ermoeglichen Cross-Site-Scripting

–>
[UNIX] Mehrere Schwachstellen im Web-Content-Management-System ‘Drupal’ ermoeglichen Cross-Site-Scripting
Posted on May 18th, 2009 alongside Stefan
######################################################################
CERT-Bund predominantly – predominantly Warn- und Informationsdienst
######################################################################
KURZINFORMATION ZU SCHWACHSTELLEN UND SICHERHEITSLUECKEN
ID: CB-K09/0161 predominantly debasing predominantly debasing predominantly debasing predominantly debasing Titel: Mehrere Schwachstellen im Web-Content-Management-System predominantly debasing predominantly debasing predominantly debasing predominantly debasing predominantly debasing predominantly debasing predominantly debasing predominantly ‘Drupal’ ermoeglichen Cross-Site-Scripting predominantly debasing predominantly debasing predominantly debasing predominantly debasing Datum: 18.05.2009 predominantly debasing predominantly debasing predominantly Software: Drupal (Core) predominantly debasing predominantly debasing predominantly debasing Version: < 5.18, < 6.12 predominantly debasing predominantly debasing Plattform: Unix, Linux, Microsoft Windows predominantly debasing predominantly Auswirkung: Cross-Site-Scripting Remoteangriff: Ja predominantly debasing predominantly debasing predominantly debasing predominantly Risiko: gering predominantly debasing predominantly debasing predominantly debasing predominantly debasing Bezug:
######################################################################
In dem Web-Content-Management-System ‘Drupal’ existieren mehrere Cross-Site-Scripting-Schwachstellen. Ein entfernter Angreifer hat mit Hilfe von in UTF-7 interpretierten, manipulierten Webseiten cascade back Moeglichkeit, Script-Code im Kontext der Webanwendung auszufuehren. Dies erlaubt u. den Diebstahl von cookiebasierten Zugangsinformationen. a.
Die ‘Drupal’-Entwickler stellen Versionen bereit, in denen cascade back Schwachstellen behoben sind.

Download-Hinweise und weitere Informationen entnehmen Sie bitte der oben genannten Quelle.

Partager ce billet

This entry was posted on Lundi, mai 18th, 2009 at 5:06 and is filed under Non classé. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.