Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-0273
Last Modified 07 Mar 2011 10:04:15
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0273

Summary

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

Vulnerable Systems

Application

  • Drupal 4.0.0

  • Drupal 4.1.0

  • Drupal 4.2.0 Rc

  • Drupal 4.4

  • Drupal 4.4.1

  • Drupal 4.4.2

  • Drupal 4.4.3

  • Drupal 4.5

  • Drupal 4.5.1

  • Drupal 4.5.2

  • Drupal 4.5.3

  • Drupal 4.5.4

  • Drupal 4.5.5

  • Drupal 4.5.6

  • Drupal 4.5.7

  • Drupal 4.5.8

  • Drupal 4.6

  • Drupal 4.6.1

  • Drupal 4.6.10

  • Drupal 4.6.11

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.6.7

  • Drupal 4.6.8

  • Drupal 4.6.9

  • Drupal 4.7

  • Drupal 4.7 Rev 1.15

  • Drupal 4.7 Rev 1.2

  • Drupal 4.7.1

  • Drupal 4.7.10

  • Drupal 4.7.2

  • Drupal 4.7.3

  • Drupal 4.7.4

  • Drupal 4.7.5

  • Drupal 4.7.6

  • Drupal 4.7.7

  • Drupal 4.7.8

  • Drupal 4.7.9

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.1 Rev1.1

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5


References

BID - 27238

SECUNIA - 28422

XF - drupal-utf8-xss(39619)

VUPEN - ADV-2008-0134

VUPEN - ADV-2008-0127

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?t=1349

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?p=6878

SECUNIA - 28486

CONFIRM - http://drupal.org/node/208564


Last Updated: 27 May 2016 10:46:44