What are the identified vulnerabilities? Access bypass, information disclosure, open redirect in Drupal versions 6.x and Drupal 7.x
Solutions to vulnerabilities? Upgrade Drupal 6.x to Drupal core 6.36, Upgrade Drupal 7.x to Drupal core 7.38
OpenID is an account created by the open source community that allows you to use an existing account to sign in to multiple websites with one password. The Drupal vulnerability with OpenID uses impersonation to log in as other users on a site including administrators. They then use the administrator access level to hijack accounts. This vulnerability affects Drupal 6 and Drupal 7 versions.
Drupal 7 sites using the Field UI can be used to trick users to go to a malicious URL that can gather information. The Overlay module does not properly validate URLs prior to displaying content. This can lead to an open redirect vulnerability.
Drupal 7 sites utilizing the render cache system may cache content that is typically protected by user role. The content may be exposed to non-privileged users. This vulnerability is specific to private content on sites where User 1 is an account.
For more information please go to the Drupal Security Advisories page.
| Email: | support@WebHostingHub.com | Ticket: | Submit a Support Ticket |
|---|---|---|---|
| Call: |
877-595-4HUB (4482) 757-416-6627 (Intl.) |
Chat: | Click To Chat Now |
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!