Summary
Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 6.28-1.
For the stable distribution (wheezy), these problems have already been fixed in the drupal7 package.
For the unstable distribution (sid), these problems have already been fixed in the drupal7 package.
We recommend that you upgrade your drupal6 packages.
Insight
Drupal is a dynamic web site platform which allows an individual or community of users to publish, manage and organize a variety of content. Drupal integrates many popular features of content management systems, weblogs, collaborative tools and discussion-based community software into one easy-to-use package.
Affected
drupal6 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-0825, CVE-2012-0826, CVE-2012-5651, CVE-2012-5652, CVE-2012-5653, CVE-2013-0244, CVE-2013-0245
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P