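Vulnerability Details
Drupal Information Disclosure Vulnerability
- CNNVD ID: CNNVD-200905-080
- Severity: Low
- CVE ID: CVE-2009-1576
- Vulnerability type: Insufficient information
- Published: 2009-05-06
- Threat type: Remote
- Updated: 2009-05-20
- Vendor: drupal
- Vulnerability source: pod.Edge and Morit...
Vulnerability Summary
Drupal is an open-source content management system (CMS) written in PHP.
An unspecified vulnerability exists in Drupal 5.x before 5.17 and 6.x before 6.11 when running with vbDrupal versions before 5.17.0. A user-assisted remote attacker can obtain sensitive information by tricking a victim into visiting the site through a specially crafted URL, which causes form data to be sent to a site controlled by the attacker. The issue may be related to multiple / characters that are not properly handled by includes/bootstrap.in, for example when using the search box. Note: this vulnerability can be further leveraged to carry out cross-site request forgery attacks.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: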
Drupal Drupal 5.13
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.10
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 ia-64
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.12
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.2
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 alpha
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.3
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 ia-32
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 6.9
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
Debian Linux 5.0 s/390
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.9
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 mipsel
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.1
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.0
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.6
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 6.1
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
Drupal Drupal 5.16
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 hppa
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.8
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.15
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 5.1 revision 1.1
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 m68k
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Debian Linux 5.0 arm
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 5.11
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 6.10
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
Drupal Drupal 5.5
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Debian Linux 5.0 armel
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Debian Linux 5.0
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 6.5
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
Drupal Drupal 5.7
Drupal drupal-5.17.tar.gz
http://ftp.drupal.org/files/projects/drupal-5.17.tar.gz
Drupal Drupal 6.7
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
Debian Linux 5.0 amd64
Debian drupal6_6.6-3lenny1_all.deb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
Drupal Drupal 6.3
Drupal drupal-6.11.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.11.tar.gz
References
Source: FEDORA
Name: FEDORA-2009-4203
Link: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.HTML
Source: FEDORA
Name: FEDORA-2009-4175
Link: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.HTML
Source: www.vbdrupal.org
Link: http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953
Source: drupal.org
Link: http://drupal.org/node/449078
Source: MISC
Link: http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch
Source: VUPEN
Name: ADV-2009-1216
Link: http://www.vupen.com/english/advisories/2009/1216
Source: OSVDB
Name: 54153
Link: http://www.osvdb.org/54153
Source: DEBIAN
Name: DSA-1792
Link: http://www.debian.org/security/2009/dsa-1792
Source: SECUNIA
Name: 34980
Link: http://secunia.com/advisories/34980
Source: SECUNIA
Name: 34950
Link: http://secunia.com/advisories/34950
Source: SECUNIA
Name: 34948
Link: http://secunia.com/advisories/34948
Affected Entities
- Drupal Drupal:6.7
- Drupal Drupal:6.3
- Drupal Drupal:6.4
- Drupal Drupal:6.5
- Drupal Drupal:6.9
Patches
None available