Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-6385HistoryDec 07, 2013 - 9:55 p.m.
CVE-2013-6385
2013-12-0721:55:00
Debian Security Bug Tracker
security-tracker.debian.org
11
0.056 Low
EPSS
Percentile
93.3%
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | drupal7 | < 7.52-2+deb9u11 | drupal7_7.52-2+deb9u11_all.deb |
Related
prion
prion
Input validation
2013-12-07 21:55:00
cve
cve
CVE-2013-6385
2013-12-07 21:55:10
nvd
nvd
CVE-2013-6385
2013-12-07 21:55:10
ubuntucve
ubuntucve
CVE-2013-6385
2013-12-07 00:00:00
cvelist
cvelist
CVE-2013-6385
2013-12-07 21:00:00
nessus
nessus
Drupal 6.x < 6.29 Multiple Vulnerabilities
2013-11-30 00:00:00
Debian DSA-2828-1 : drupal6 - several vulnerabilities
2013-12-30 00:00:00
Fedora 20 : drupal7-7.24-1.fc20 (2013-21956)
2013-12-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2828-1)
2013-12-27 00:00:00
Debian Security Advisory DSA 2828-1 (drupal6 - several vulnerabilities)
2013-12-28 00:00:00
Fedora Update for drupal7 FEDORA-2013-21844
2013-12-03 00:00:00
debian
debian
[SECURITY] [DSA 2828-1] drupal6 security update
2013-12-28 10:23:54
[SECURITY] [DSA 2828-1] drupal6 security update
2013-12-28 10:23:54
[SECURITY] [DSA 2804-1] drupal7 security update
2013-11-26 16:50:04
fedora
fedora
[SECURITY] Fedora 20 Update: drupal6-6.29-1.fc20
2013-12-14 03:31:43
[SECURITY] Fedora 20 Update: drupal7-7.24-1.fc20
2013-12-14 03:03:56
[SECURITY] Fedora 19 Update: drupal6-6.29-1.fc19
2013-12-12 02:55:40
mageia
mageia
Updated drupal package fixes security vulnerabilities
2013-12-01 01:35:13
drupal
drupal
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
2013-11-20 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:287 ] drupal
2013-12-09 00:00:00