- Document drupal --- multiple vulnerabilities

Reviewed by:	simon

1 files changed, 84 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index f8d5dad43956..bb56c1d0f39a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,90 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="9c00d446-8208-11dc-9283-0016179b2dd5">
+    <topic>drupal --- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>drupal4</name>
+	<range><lt>4.7.8</lt></range>
+      </package>
+      <package>
+	<name>drupal5</name>
+	<range><lt>5.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Drupal Project reports:</p>
+	<blockquote cite="http://drupal.org/node/184315">
+	  <p>In some circumstances Drupal allows user-supplied data to
+	    become part of response headers. As this user-supplied data
+	    is not always properly escaped, this can be exploited by
+	    malicious users to execute HTTP response splitting attacks
+	    which may lead to a variety of issues, among them cache
+	    poisoning, cross-user defacement and injection of arbitrary
+	    code.</p>
+	</blockquote>
+	<blockquote cite="http://drupal.org/node/184316">
+	  <p>The Drupal installer allows any visitor to provide credentials
+	    for a database when the site's own database is not reachable. This
+	    allows attackers to run arbitrary code on the site's server.
+	    An immediate workaround is the removal of the file install.php
+	    in the Drupal root directory.</p>
+	</blockquote>
+	<blockquote cite="http://drupal.org/node/184320">
+	  <p>The allowed extension list of the core Upload module contains
+	    the extension HTML by default. Such files can be used to execute
+	    arbitrary script code in the context of the affected site when a
+	    user views the file. Revoking upload permissions or removing the
+	    .html extension from the allowed extension list will stop uploads
+	    of malicious files. but will do nothing to protect your site
+	    againstfiles that are already present. Carefully inspect the file
+	    system path for any HTML files. We recommend you remove any HTML
+	    file you did not update yourself. You should look for , CSS
+	    includes, Javascript includes, and onerror="" attributes if
+	    you need to review files individually.</p>
+	</blockquote>
+	<blockquote cite="http://drupal.org/node/184348">
+	  <p>The Drupal Forms API protects against cross site request
+	    forgeries (CSRF), where a malicous site can cause a user
+	    to unintentionally submit a form to a site where he is
+	    authenticated. The user deletion form does not follow the
+	    standard Forms API submission model and is therefore not
+	    protected against this type of attack. A CSRF attack may
+	    result in the deletion of users.</p>
+	</blockquote>
+	<blockquote cite="http://drupal.org/node/184354">
+	  <p>The publication status of comments is not passed during the
+	    hook_comments API operation, causing various modules that rely
+	    on the publication status (such as Organic groups, or Subscriptions)
+	    to mail out unpublished comments.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2007-5597</cvename>
+      <cvename>CVE-2007-5596</cvename>
+      <cvename>CVE-2007-5595</cvename>
+      <cvename>CVE-2007-5594</cvename>
+      <cvename>CVE-2007-5593</cvename>
+      <url>http://drupal.org/node/184315</url>
+      <url>http://drupal.org/node/184316</url>
+      <url>http://drupal.org/node/184348</url>
+      <url>http://drupal.org/node/184354</url>
+      <url>http://drupal.org/node/184320</url>
+      <url>http://secunia.com/advisories/27292</url>
+      <url>http://secunia.com/advisories/27292</url>
+      <url>http://secunia.com/advisories/27292</url>
+      <url>http://secunia.com/advisories/27290</url>
+      <url>http://secunia.com/advisories/27290</url>
+    </references>
+    <dates>
+      <discovery>2007-10-17</discovery>
+      <entry>2007-10-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3a81017a-8154-11dc-9283-0016179b2dd5">
     <topic>ldapscripts -- Command Line User Credentials Disclosure</topic>
     <affects>