Drupal Information Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with Drupal and is prone to Information Disclosure vulnerability.

Impact

Attackers can exploit this issue to obtain that set of credentials which are included in the generated links. Impact Level: Application

Solution

Upgrade to Drupal 5.19 or 6.13 or later http://drupal.org

Insight

Application fails to sanitize login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from the HTTP referer header of external web sites that are visited from those links or when page caching is enabled, the Drupal page cache.

Affected

Drupal Version 5.x before 5.19 and 6.x before 6.13 on all platforms.

References

http://drupal.org/node/507572
http://secunia.com/advisories/35657
http://securitytracker.com/alerts/2009/Jul/1022497.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2374
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Solr Directory Traversal Vulnerability Jan-14
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Take action and discover your vulnerabilities