CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.166 Low
Percentile: 96.1%
The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities:

- An arbitrary PHP code execution vulnerability exists due to an error in the ‘installer.php’ script. An attacker, under certain conditions, could use this to re-install Drupal via an external database server, which then could allow the execution of arbitrary PHP code on the original server. This vulnerability is mitigated by the fact that the re-installation can only be successful if the site’s ‘settings.php’ file or directories are writeable by, or owned by, the web server user. (CVE-2012-4553)
- An information disclosure vulnerability exists for sites using the OpenID module. This could allow an attacker to read files on the local system by attempting to log into the site using a malicious OpenID server. (CVE-2012-4554)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
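
Because the plugin checks only the version string, the mitigating condition for CVE-2012-4553 has to be verified on the host. The Python sketch below is an added example, not part of the Tenable plugin or of Drupal: it reports whether a given account owns or can write any settings.php or its site directory. It assumes the standard Drupal 7 layout (sites/*/settings.php, which also covers multi-site installs), considers POSIX mode bits only, and uses hypothetical function names and a constructed sample tree.

```python
import glob
import os
import stat
import tempfile

def write_access(path, uid, gids):
    """Why `uid` (with group ids `gids`) could modify `path`, or None.

    Uses POSIX mode bits only; ACLs and MAC policy are not considered.
    Ownership counts even when the mode is read-only: an owner can chmod.
    """
    st = os.stat(path)
    if st.st_uid == uid:
        return "owned by web user"
    if st.st_gid in gids:
        # Group class applies; the "other" bits are not consulted.
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None

def audit_drupal_root(root, uid, gids):
    """Check every sites/*/settings.php and its directory under `root`."""
    findings = []
    pattern = os.path.join(root, "sites", "*", "settings.php")
    for settings in sorted(glob.glob(pattern)):
        for path in (os.path.dirname(settings), settings):
            reason = write_access(path, uid, gids)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return findings

def build_sample_site(mode_dir=0o755, mode_file=0o644):
    """Constructed sample tree standing in for a Drupal 7 docroot."""
    root = tempfile.mkdtemp(prefix="drupal-audit-")
    site = os.path.join(root, "sites", "default")
    os.makedirs(site)
    settings = os.path.join(site, "settings.php")
    with open(settings, "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    os.chmod(site, mode_dir)
    os.chmod(settings, mode_file)
    return root

if __name__ == "__main__":
    root = build_sample_site(mode_file=0o666)
    # Hypothetical web-server account: a uid/gid that does not own the tree.
    st = os.stat(root)
    for path, reason in audit_drupal_root(root, st.st_uid + 1, {st.st_gid + 1}):
        print(f"{path}: {reason}")
```

On a real host, pass the docroot and the uid and group ids of the account the web server runs as; an empty result means the re-installation precondition described above is not met for that account.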
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(62678);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/07");

  script_cve_id("CVE-2012-4553", "CVE-2012-4554");
  script_bugtraq_id(56103);

  script_name(english:"Drupal 7.x < 7.16 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a PHP application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote web server is running a version of Drupal that is 7.x prior
to 7.16. It is, therefore, potentially affected by multiple
vulnerabilities :
- An arbitrary PHP code execution vulnerability exists due
to an error in the 'installer.php' script. An attacker,
under certain conditions, could use this to re-install
Drupal via an external database server, which then could
allow the execution of arbitrary PHP code on the
original server. This vulnerability is mitigated by the
fact that the re-installation can only be successful if
the site's 'settings.php' file or directories are
writeable by, or owned by, the web server user.
(CVE-2012-4553)
- An information disclosure vulnerability exists for sites
using the OpenID module. This could allow an attacker to
read files on the local system by attempting to log into
the site using a malicious OpenID server.
(CVE-2012-4554)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/node/1815912");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 7.16 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:drupal:drupal");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("drupal_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/Drupal", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "Drupal";

# Exit if no Drupal install was detected.
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

# Exit if the detected install has no known version to compare.
install = get_single_install(
  app_name : app,
  port : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
loc = build_url(qs:dir, port:port);

# The check relies on the self-reported version only, so it runs only
# when paranoid reporting is enabled.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# 7.x < 7.16 are affected
if (version =~ "^7\.([0-9]|1[0-5])($|[^0-9]+)")
{
  if (report_verbosity > 0)
  {
    report =
      '\n URL : ' + loc +
      '\n Installed version : ' + version +
      '\n Fixed version : 7.16' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, loc, version);