Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://drupal.org/files/sa-2005-002/advisory.txt
http://www.vuxml.org/freebsd/f241641e-f5ea-11d9-a6db-000d608ed240.html
Insight
The following package is affected: drupal
CVE-2005-1921
PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc), as used in products such as WordPress, Serendipity, Drupal, egroupware, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2005-2106
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
Severity
Classification
-
CVE CVE-2005-1921, CVE-2005-2106 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities