Drupal Image Upload HTML Injection Vulnerability

Vulnerability ID 1197096    Vulnerability type: Input validation
Published 2005-12-01    Updated 2006-02-07
CVE ID CVE-2005-3975    CNNVD-ID CNNVD-200512-039
Platform N/A    CVSS score 4.0
|Vulnerability Sources
https://www.securityfocus.com/bid/15663
https://cxsecurity.com/issue/WLB-2005120003
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-039
|Vulnerability Details
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 contain an interpretation conflict in file.inc. An authenticated remote user can upload a file that carries a GIF or JPEG extension but contains HTML; Drupal accepts it on the strength of the extension, while Internet Explorer ignores the declared type, sniffs the content and renders it as a page. The attacker's arbitrary web script or HTML therefore runs in the browser of a victim who views the file.
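The defect described above is an interpretation conflict: the application trusts the file extension, while the browser decides what a file is from its first bytes. The following Python is an added example, not Drupal code and not part of the advisory. It validates an upload by its magic bytes, rejects image files whose leading bytes carry HTML markup (a file that passes the signature check but still contains markup is rejected as defense in depth), and builds the response headers a hardened download handler would send. The sample uploads, the validate_upload and response_headers names, and the 512-byte sniffing window are constructed for illustration; the X-Content-Type-Options header is a later browser feature that did not exist in 2005. The advisory does not say how its HTTP header injection arises, so the CR/LF stripping in the filename here is general hardening, not a reproduction of that vector.

```python
import re

# Constructed sample uploads (not taken from the advisory): two real image
# headers, an HTML document saved with a .gif extension, and a file that has
# a valid GIF signature followed by markup.
SAMPLE_UPLOADS = {
    "photo.gif": b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"\x00" * 16,
    "evil.gif": b"<html><body><script>alert(1)</script></body></html>",
    "sneaky.gif": b"GIF89a" + b"<script>alert(document.cookie)</script>",
}

# Leading bytes that a file with the given extension must start with.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Tags a sniffing browser would treat as evidence that the body is HTML.
HTML_MARKERS = re.compile(
    rb"<\s*(html|head|body|script|iframe|object|embed|meta|img|a)\b",
    re.IGNORECASE,
)

# Assumed window: only the start of the file is inspected, as sniffers do.
SNIFF_WINDOW = 512


def extension(filename):
    """Lower-cased extension of filename, or '' if it has none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def content_matches_extension(filename, data):
    """True only if the declared image extension has a matching signature."""
    sigs = MAGIC.get(extension(filename))
    if not sigs:
        return False
    return any(data.startswith(sig) for sig in sigs)


def looks_like_html(data):
    """True if the sniffed window contains markup a browser could render."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None


def validate_upload(filename, data):
    """Return (accepted, reason) for an uploaded file.

    Both checks are needed: the signature check stops an HTML file renamed
    to .gif, and the markup scan stops a file that carries a real signature
    but still contains HTML further along.
    """
    if not content_matches_extension(filename, data):
        return False, "content does not match declared image extension"
    if looks_like_html(data):
        return False, "image body contains HTML markup"
    return True, "ok"


def response_headers(filename):
    """Headers for serving a user-supplied file without inline rendering.

    The filename is stripped of CR, LF and double quotes so that a crafted
    name cannot terminate the header or start a new one.
    """
    safe_name = re.sub(r'[\r\n"]', "", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


def scan_uploads(uploads=SAMPLE_UPLOADS):
    """Run validate_upload over every sample and collect the verdicts."""
    return {name: validate_upload(name, data) for name, data in uploads.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in scan_uploads().items():
        print(f"{name:12} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
    print(response_headers("report\r\nX-Injected: 1.gif"))
```

Running the block accepts photo.gif and photo.jpg and rejects the other two, each with the reason that applies. Note that the markup scan is a heuristic over the first bytes; a server that must accept arbitrary images should additionally re-encode them with an image library so that no attacker-controlled bytes are stored verbatim.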
|Vulnerability EXP (Drupal security advisory)
----------------------------------------------------------------------------
Drupal security advisory                                  DRUPAL-SA-2005-008
----------------------------------------------------------------------------
Advisory ID:    DRUPAL-SA-2005-008
Project:        Drupal core
Date:           2005-11-30
Security risk:  less critical
Impact:         normal
Where:          from remote
Vulnerability:  XSS, HTTP header injection
----------------------------------------------------------------------------

Description
-----------
Paul Laudanski informed us that it's possible to attach files that are able
to run Javascript under Internet Explorer.

Further investigation of the problem revealed that the same method can be
used to inject arbitrary HTTP headers.

Versions affected
-----------------
Drupal 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5
Drupal 4.6.0, 4.6.1, 4.6.2, 4.6.3

Solution
--------
- If you are running Drupal 4.5.x, then upgrade to Drupal 4.5.6.
- If you are running Drupal 4.6.x, then upgrade to Drupal 4.6.4.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org
or using the form at http://drupal.org/contact.
More information is available from http://drupal.org/security or from
our security RSS feed http://drupal.org/security/rss.xml.

// Uwe Hermann, on behalf of the Drupal Security Team.
|Affected Products
Drupal Drupal 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5
Drupal Drupal 4.6.0, 4.6.1, 4.6.2, 4.6.3
|References
Source: BID
Name: 15663
Link: http://www.securityfocus.com/bid/15663
Source: BUGTRAQ
Name: 20051201 [DRUPAL-SA-2005-008] Drupal 4.6.4/4.5.6 fixes XSS and HTTP header injection issue
Link: http://www.securityfocus.com/archive/1/archive/1/418291/100/0/threaded
Source: VUPEN
Name: ADV-2005-2684
Link: http://www.frsirt.com/english/advisories/2005/2684
Source: SECUNIA
Name: 17824
Link: http://secunia.com/advisories/17824
Source: drupal.org
Link: http://drupal.org/files/sa-2005-008/advisory.txt
Source: MISC
Link: http://drupal.org/files/sa-2005-008/4.6.3.patch
Source: DEBIAN
Name: DSA-958
Link: http://www.debian.org/security/2006/dsa-958
Source: SREASON
Name: 220
Link: http://securityreason.com/securityalert/220
Source: SECUNIA
Name: 18630
Link: http://secunia.com/advisories/18630