Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DRUPAL_7_39.NASL
HistoryAug 26, 2015 - 12:00 a.m.

Drupal 7.x < 7.39 Multiple Vulnerabilities

2015-08-2600:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
71

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON

The remote web server is running a version of Drupal that is 7.x prior to 7.39. It is, therefore, potentially affected by the following vulnerabilities :

  • A cross-site scripting vulnerability exists in the autocomplete functionality due to improper validation of input passed via requested URLs. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.
    (CVE-2015-6658)

  • A SQL injection vulnerability exists in the SQL comment filtering system due to improper sanitization of user-supplied input before using it in SQL queries. An authenticated, remote attacker can exploit this to inject SQL queries, resulting in the manipulation or disclosure of arbitrary data. (CVE-2015-6659)

  • A cross-site request forgery vulnerability exists in the form API due to improper validation of form tokens. An authenticated, remote attacker can exploit this, via a specially crafted link, to upload arbitrary files under another user’s account. (CVE-2015-6660)

  • An information disclosure vulnerability exists that allows a remote, authenticated user to view the titles of nodes that they do not have access to.
    (CVE-2015-6661)

  • A cross-site scripting vulnerability exists due to improper validation of user-supplied input when invoking Drupal.ajax() on whitelisted HTML elements. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.
    (CVE-2015-6665)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85653);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2015-6658",
    "CVE-2015-6659",
    "CVE-2015-6660",
    "CVE-2015-6661",
    "CVE-2015-6665"
  );

  script_name(english:"Drupal 7.x < 7.39 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a PHP application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote web server is running a version of Drupal that is 7.x prior
to 7.39. It is, therefore, potentially affected by the following
vulnerabilities :

  - A cross-site scripting vulnerability exists in the
    autocomplete functionality due to improper validation of
    input passed via requested URLs. An authenticated,
    remote attacker can exploit this, via a specially
    crafted request, to execute arbitrary script code.
    (CVE-2015-6658)

  - A SQL injection vulnerability exists in the SQL comment
    filtering system due to improper sanitization of
    user-supplied input before using it in SQL queries. An
    authenticated, remote attacker can exploit this to
    inject SQL queries, resulting in the manipulation or
    disclosure of arbitrary data. (CVE-2015-6659)

  - A cross-site request forgery vulnerability exists in the
    form API due to improper validation of form tokens. An
    authenticated, remote attacker can exploit this, via a
    specially crafted link, to upload arbitrary files under
    another user's account. (CVE-2015-6660)

  - An information disclosure vulnerability exists that
    allows a remote, authenticated user to view the titles
    of nodes that they do not have access to.
    (CVE-2015-6661)

  - A cross-site scripting vulnerability exists due to
    improper validation of user-supplied input when invoking
    Drupal.ajax() on whitelisted HTML elements. A remote
    attacker can exploit this, via a specially crafted
    request, to execute arbitrary script code.
    (CVE-2015-6665)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/SA-CORE-2015-003");
  script_set_attribute(attribute:"see_also", value:"https://www.drupal.org/project/drupal/releases/7.39");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Drupal version 7.39 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6659");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:drupal:drupal");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("drupal_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/Drupal", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "Drupal";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
url = build_url(qs:dir, port:port);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (version =~ "^7\.([0-9]|[1-2][0-9]|3[0-8])($|[^0-9]+)")
{
  set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + url +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 7.39' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, url, version);
VendorProductVersionCPE
drupaldrupalcpe:/a:drupal:drupal

Related

nessus 13
openvas 11
mageia 1
osv 1
debian 1
drupal 2
securityvulns 2
fedora 7
ubuntucve 5
prion 5
cve 5
debiancve 5
nvd 5
cvelist 5
nessus
nessus
Fedora 21 : drupal6-6.37-1.fc21 (2015-14442)
2015-09-08 00:00:00
Fedora 22 : drupal6-6.37-1.fc22 (2015-14444)
2015-09-08 00:00:00
Fedora 23 : drupal7-7.39-1.fc23 (2015-13915)
2015-08-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3346-1)
2015-08-30 00:00:00
Fedora Update for drupal6 FEDORA-2015-14442
2015-09-07 00:00:00
Fedora Update for drupal7 FEDORA-2015-13917
2015-09-07 00:00:00
mageia
mageia
Updated drupal packages fix security vulnerabilities
2015-08-27 23:49:46
osv
osv
drupal7 - security update
2015-08-31 00:00:00
debian
debian
[SECURITY] [DSA 3346-1] drupal7 security update
2015-08-31 10:36:43
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003
2015-08-19 00:00:00
Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141
2015-08-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3346-1] drupal7 security update
2015-10-26 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: drupal6-6.37-1.fc23
2015-09-06 01:49:44
[SECURITY] Fedora 21 Update: drupal7-7.39-1.fc21
2015-09-06 06:25:08
[SECURITY] Fedora 23 Update: drupal6-6.37-1.fc23
2015-09-06 17:19:14
ubuntucve
ubuntucve
CVE-2015-6658
2015-08-24 00:00:00
CVE-2015-6661
2015-08-24 00:00:00
CVE-2015-6660
2015-08-24 00:00:00
prion
prion
Cross site scripting
2015-08-24 14:59:00
Cross site request forgery (csrf)
2015-08-24 14:59:00
Authentication flaw
2015-08-24 14:59:00
cve
cve
CVE-2015-6665
2015-08-24 14:59:22
CVE-2015-6660
2015-08-24 14:59:17
CVE-2015-6659
2015-08-24 14:59:16
debiancve
debiancve
CVE-2015-6660
2015-08-24 14:59:00
CVE-2015-6658
2015-08-24 14:59:00
CVE-2015-6661
2015-08-24 14:59:00
nvd
nvd
CVE-2015-6665
2015-08-24 14:59:22
CVE-2015-6658
2015-08-24 14:59:15
CVE-2015-6661
2015-08-24 14:59:18
cvelist
cvelist
CVE-2015-6661
2015-08-24 14:00:00
CVE-2015-6659
2015-08-24 14:00:00
CVE-2015-6665
2015-08-24 14:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for DRUPAL_7_39.NASL
nessus13openvas11mageia1osv1debian1drupal2securityvulns2fedora7ubuntucve5prion5cve5debiancve5nvd5cvelist5