We could all change the online world and make it more secure for everyone if we all had a good knowledge of computer security vulnerabilities. The truth is that we don't, and the wise thing to do is to learn as much as we can in order to have a safer online experience. Having said this, multiple vulnerabilities have been discovered in Drupal.
Drupal is a wonderful open source content management platform. It provides its users with many exciting features. You can perform a variety of tasks on a variety of web sites with the use of Drupal. The program was developed and is maintained by a huge community of developers, who help to ensure its credibility. It may be used with any browser, including Mozilla Firefox 2. Some of the files of Mozilla Firefox 2 include, but are not limited to, the following: nsBrowserGlue.js, reporter.js, WebContentConverter.js, nsXmlRpcClient.js and firefox.js.
| The impact of the Drupal vulnerabilities |
| --- |
| The bypassing of security, without the required authorization. |
| The exposure of certain confidential information. |
| Cross-site scripting. |

Table 1. The impact of the Drupal vulnerabilities
Some of the Drupal vulnerabilities are related to the following:
- A security error exists because Drupal generates a page that includes URLs containing sensitive information. If a user visits these URLs, the information could leak to other pages through the HTTP "Referer" header.
- An unspecified error exists in input passed from the URL to the forum module. The input is not returned to the user correctly, which could allow arbitrary HTML and script code to be executed in a user's browser session in the context of an affected site.
- Another vulnerability exists because users are able to change their signatures to a format that they should not be able to access. If an administrator changes the comment style to a more powerful format, this could allow a script insertion attack to take place.
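The first item above can be checked for on any rendered page. The following added example (not Drupal code and not from the original article) scans a page's HTML for links whose query string carries sensitive values, since following such a link puts those values in the address that is later sent as the Referer. The parameter names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of sensitive query parameters; adapt to the site's own forms.
SENSITIVE_PARAMS = {"pass", "password", "token", "sid"}


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag (attribute entities are decoded)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def redact(url):
    """Return the URL with the values of sensitive parameters masked."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def find_leaky_links(html):
    """Return (redacted_url, [sensitive parameter names]) for each risky link."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        pairs = parse_qsl(urlsplit(href).query, keep_blank_values=True)
        hits = sorted({k.lower() for k, _ in pairs} & SENSITIVE_PARAMS)
        if hits:
            findings.append((redact(href), hits))
    return findings


# Constructed sample page: one link carries submitted form values.
SAMPLE_PAGE = """
<table><tr>
<th><a href="/forum?sort=asc&amp;order=Topic&amp;name=alice&amp;pass=hunter2">Topic</a></th>
<th><a href="/forum?sort=asc&amp;order=Replies">Replies</a></th>
</tr></table>
<a href="https://example.org/about">About</a>
"""

if __name__ == "__main__":
    for url, params in find_leaky_links(SAMPLE_PAGE):
        print("sensitive parameters", params, "in link", url)
```

Findings are reported with the values masked so that the audit output does not itself become a second copy of the sensitive data.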
These vulnerabilities have, for once, been rated as less critical, and a solution does exist. The solution is for all users to make sure that they update to version 5.19 or, alternatively, apply the latest relevant patches that are made available. In all honesty, it is better to be safe than sorry.