Drupal Fixes Critical Vulnerabilities

Monday, July 21, 2014 @ 04:07 PM gHale

Versions of the Drupal framework earlier than 7.29 and 6.32 have risks that would allow an attacker to conduct denial-of-service (DoS) and cross-site scripting attacks and gain access to private files, officials said.

The DoS attack can end up deployed using a malicious HTTP Host header. This is achievable because the validation of the HTTP Host header does not occur properly, and malcrafted header values could lead to denial of service, said researchers on the Drupal Security Team.

RELATED STORIES
Details on DDoS Linux Trojan
Newer, More Secure Trojan Found
Big Bank Haul in One Week
APT Alert: Two Airports Hacked

Accessing private data relates to the File module available in Drupal 7, which allows to attach files to pieces of content. However, it appears the module “doesn’t sufficiently check permission to view the attached file when attaching a file that was previously uploaded.”

The XSS vulnerabilities are moderately critical. One of them was possible because of Drupal’s form API improper sanitization of option group labels in select elements.

The other cross-site scripting flaw was in the Ajax system and was in forms that included a combination of an Ajax-enabled text field and a file field.

All of the vulnerabilities can end up exploited remotely and users should upgrade their versions of Drupal to 7.29 or 6.32 in order to eliminate the critical security risks in the core of Drupal 6 and 7.



Leave a Reply

You must be logged in to post a comment.