Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-2374
Last Modified 08 Jul 2009 12:00:00
Published 08 Jul 2009 11:30:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2374

Summary

Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.1 Rev1.1

  • Drupal 5.10

  • Drupal 5.11

  • Drupal 5.12

  • Drupal 5.13

  • Drupal 5.14

  • Drupal 5.15

  • Drupal 5.16

  • Drupal 5.17

  • Drupal 5.18

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.5.

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.10

  • Drupal 6.11

  • Drupal 6.12

  • Drupal 6.2

  • Drupal 6.4

  • Drupal 6.5

  • Drupal 6.6

  • Drupal 6.7

  • Drupal 6.8

  • Drupal 6.9


References

OSVDB - 55524

CONFIRM - http://drupal.org/node/507572

SECUNIA - 35681

SECUNIA - 35657


Last Updated: 27 May 2016 10:50:52