oss-sec mailing list archives
Re: CVE Request for Drupal Core
From: Forest Monsen <forest.monsen () gmail com>
Date: Wed, 23 Jul 2014 11:37:38 -0700
On Mon, Jul 21, 2014 at 1:29 AM, Jorge Manuel B. S. Vicetto < jmbsvicetto () gmail com> wrote:
SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities https://www.drupal.org/SA-CORE-2014-003
Four issues to examine here: - Denial of service with malicious HTTP Host header (Base system - Drupal 6 and 7 - Critical) - Access bypass (File module - Drupal 7 - Critical) - Cross-site scripting (Form API option groups - Drupal 6 and 7 - Moderately critical) - Cross-site scripting (Ajax system - Drupal 7 - Moderately critical) Best, Forest Monsen
Current thread:
- CVE Request for Drupal Core Jorge Manuel B. S. Vicetto (Jul 21)
- Re: CVE Request for Drupal Core Loganaden Velvindron (Jul 21)
- Re: CVE Request for Drupal Core Forest Monsen (Jul 23)
- Re: CVE Request for Drupal Core cve-assign (Jul 23)