VID | 210042
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Drupal is vulnerable to a security bypass in the Captcha and Textimage modules. Drupal is an open-source content management system written in PHP. The Textimage module for Drupal (4.7.x before 4.7-1.2 and 5.x before 5.x-1.1) and the Captcha module for Drupal (4.7.x before 4.7-1.2 and 5.x before 5.x-1.1) could allow a remote attacker to bypass security restrictions because of improper validation when using captcha. Attackers or automated systems could exploit this vulnerability to bypass the captcha validation and post arbitrary data.
* References:
  http://drupal.org/node/114364
  http://drupal.org/node/114519
  http://www.frsirt.com/english/advisories/2007/0431
  http://secunia.com/advisories/23983
  http://secunia.com/advisories/23985
* Platforms Affected:
  Drupal Textimage versions 4.7.x prior to 4.7-1.2
  Drupal Textimage versions 5.x prior to 5.x-1.1
  Drupal Captcha versions 4.7.x prior to 4.7-1.2
  Drupal Captcha versions 5.x prior to 5.x-1.1
  Any operating system, any version |
Recommendation |
Upgrade to Drupal captcha module version 4.7-1.2 / 5.x-1.1 and/or textimage module version 4.7-1.2 / 5.x-1.1 or later, as listed in the Drupal Security Advisory ID: DRUPAL-SA-2007-007 at http://drupal.org/node/114519 |
Related URL | CVE-2007-0658 (CVE)
Related URL | 22329 (SecurityFocus)
Related URL | 31984,31994 (ISS)