Vulnerabilities > CVE-2016-3168 - 7PK - Security Features vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CGI abuses NASL id DRUPAL_7_43.NASL description The version of Drupal running on the remote web server is 7.x prior to 7.43. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the File module that allows an attacker to view, delete, or substitute a link to a file that has not yet been submitted or processed by a form. An authenticated, remote attacker can exploit this, via continuous deletion of temporary files, to block all file uploads to a site. - A flaw exists in the XML-RPC system due to a failure to limit the number of simultaneous calls being made to the same method. A remote attacker can exploit this to facilitate brute-force attacks. - A cross-site redirection vulnerability exists due to improper validation of unspecified input before returning it to the user, which can allow the current path to be filled-in with an external URL. A remote attacker can exploit this, via a crafted link, to redirect a user to a malicious web page of the attacker last seen 2020-03-21 modified 2016-03-04 plugin id 89683 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89683 title Drupal 7.x < 7.43 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3498.NASL description Multiple security vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at last seen 2020-06-01 modified 2020-06-02 plugin id 89004 published 2016-02-29 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89004 title Debian DSA-3498-1 : drupal7 - security update
References
- http://www.debian.org/security/2016/dsa-3498
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
- http://www.openwall.com/lists/oss-security/2016/03/15/10
- https://www.drupal.org/SA-CORE-2016-001
- https://www.drupal.org/SA-CORE-2016-001