Vulnerability Name:

CVE-2009-1575 (CCN-50250)

Assigned:2009-04-29
Published:2009-04-29
Updated:2017-08-17
Summary:Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1575

Source: CCN
Type: DRUPAL-SA-CORE-2009-005
SA-CORE-2009-005 - Drupal core - Cross site scripting

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/449078

Source: CCN
Type: SA34948
vbDrupal Script Insertion and Information Disclosure

Source: SECUNIA
Type: Vendor Advisory
34948

Source: CCN
Type: SA34950
Drupal Script Insertion and Information Disclosure

Source: SECUNIA
Type: Vendor Advisory
34950

Source: SECUNIA
Type: UNKNOWN
34980

Source: DEBIAN
Type: UNKNOWN
DSA-1792

Source: DEBIAN
Type: DSA-1792
drupal6 -- multiple vulnerabilities

Source: OSVDB
Type: Patch
54152

Source: CCN
Type: OSVDB ID: 54152
Drupal Core UTF-7 Unspecified XSS

Source: CCN
Type: OSVDB ID: 54427
Print Module for Drupal UTF-7 Unspecified XSS

Source: CCN
Type: OSVDB ID: 54463
Drupal Core UTF-7 Unspecified XSS

Source: CCN
Type: vbDrupal Forums/General/News and announcements, April 30, 03:49 AM
vbDrupal 5.17.0 released

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1216

Source: XF
Type: UNKNOWN
drupal-utf7-xss(50250)

Source: XF
Type: UNKNOWN
drupal-utf7-xss(50250)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4175

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4203

Vulnerable Configuration:Configuration 1:
  • cpe:/a:drupal:drupal:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.8:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.9:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.13:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.14:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.15:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.16:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6:beta1:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:rc-1:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:rc-2:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:rc-3:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.0:rc-4:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:drupal:drupal:6.10:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.16:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7856
    P
    		DSA-1792 drupal6 -- multiple vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:13542
    P
    		DSA-1792-1 drupal6 -- multiple
    2014-06-23
    oval:org.debian:def:1792
    V
    		multiple vulnerabilities
    2009-05-06
    BACK
    drupal drupal 5.0
    drupal drupal 5.0 beta1
    drupal drupal 5.0 beta2
    drupal drupal 5.0 rc1
    drupal drupal 5.0 rc2
    drupal drupal 5.1
    drupal drupal 5.1_rev1.1
    drupal drupal 5.2
    drupal drupal 5.3
    drupal drupal 5.4
    drupal drupal 5.5
    drupal drupal 5.5.
    drupal drupal 5.6
    drupal drupal 5.7
    drupal drupal 5.8
    drupal drupal 5.9
    drupal drupal 5.10
    drupal drupal 5.11
    drupal drupal 5.12
    drupal drupal 5.13
    drupal drupal 5.14
    drupal drupal 5.15
    drupal drupal 5.16
    drupal drupal 6
    drupal drupal 6 beta1
    drupal drupal 6.0
    drupal drupal 6.0 beta1
    drupal drupal 6.0 beta2
    drupal drupal 6.0 beta3
    drupal drupal 6.0 beta4
    drupal drupal 6.0 rc-1
    drupal drupal 6.0 rc-2
    drupal drupal 6.0 rc-3
    drupal drupal 6.0 rc-4
    drupal drupal 6.1
    drupal drupal 6.2
    drupal drupal 6.3
    drupal drupal 6.4
    drupal drupal 6.5
    drupal drupal 6.6
    drupal drupal 6.7
    drupal drupal 6.8
    drupal drupal 6.9
    drupal drupal 6.10
    drupal drupal 6.10
    drupal drupal 5.16
    debian debian linux 5.0