Access bypass in Drupal - #VU492
Published: September 16, 2016
Vulnerability identifier: #VU492
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a user to gain access to his session on a Drupal site.
The weakness is caused by an access control error and allows a blocked user to maintain his session while still being blocked.
Successful exploitation of the vulnerability results in a blocked user gaining access to the session on the Drupal site.
Remediation
Update 5.x to 5.22.
http://ftp.drupal.org/files/projects/drupal-5.22.tar.gz
Update 6.x to 6.16.
http://ftp.drupal.org/files/projects/drupal-6.16.tar.gz