Announcement Announcement Module
Collapse
No announcement yet.
Form State Information Disclosure vulnerability in Drupal Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Form State Information Disclosure vulnerability in Drupal

    Form State Information Disclosure vulnerability in Drupal


    Severity Rating: MEDIUM

    Systems Affected

    • Drupal core 6.x versions prior to 6.31
    • Drupal core 7.x versions prior to 7.27

    Overview
    A vulnerability has been reported in Drupal which could be exploited by a remote attacker to obtain sensitive information.

    Description
    This vulnerability exists in Drupal’s form API due to improper handling of cached pages for anonymous users which may result in disclosure of interim form input recorded for one anonymous user to other users
    interacting with the same form at the same time.

    Solution
    Apply appropriate updates as mentioned in Drupal Security Advisory
    https://drupal.org/SA-CORE-2014-002

    Vendor Information

    Drupal
    https://drupal.org/SA-CORE-2014-002

    References

    Drupal
    https://drupal.org/SA-CORE-2014-002

    Secunia
    http://secunia.com/advisories/58132/

    Secure list
    https://www.securelist.com/en/advisories/58132
Working...
X