oss-sec mailing list archives

Re: CVE Request for Drupal Core


From: Forest Monsen <forest.monsen () gmail com>
Date: Wed, 23 Jul 2014 11:37:38 -0700

On Mon, Jul 21, 2014 at 1:29 AM, Jorge Manuel B. S. Vicetto <jmbsvicetto () gmail com> wrote:

SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities
https://www.drupal.org/SA-CORE-2014-003


Four issues to examine here:
- Denial of service with malicious HTTP Host header (Base system - Drupal 6 and 7 - Critical)
- Access bypass (File module - Drupal 7 - Critical)
- Cross-site scripting (Form API option groups - Drupal 6 and 7 - Moderately critical)
- Cross-site scripting (Ajax system - Drupal 7 - Moderately critical)

Best,
Forest Monsen
