Vulnerability Name:

CVE-2009-2372 (CCN-51502)

Assigned:2009-07-01
Published:2009-07-01
Updated:2021-04-21
Summary:Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-2372

Source: CCN
Type: DRUPAL-SA-CORE-2009-007
SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/507572

Source: OSVDB
Type: Broken Link
55525

Source: CCN
Type: SA35681
Drupal Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
35681

Source: CCN
Type: SECTRACK ID: 1022497
Drupal User Signature Input Validation Lets Remote Authenticated Users Execute Arbitrary Code

Source: DEBIAN
Type: DSA-1930
drupal6 -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 55525
Drupal Core User Signature Format Weakness

Source: CCN
Type: BID-35548
Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities

Source: SECTRACK
Type: Patch, Third Party Advisory, VDB Entry
1022497

Source: XF
Type: UNKNOWN
drupal-inputformat-code-execution(51502)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:drupal:drupal:*:*:*:*:*:*:*:* (Version >= 6.0 and < 6.13)

  • Configuration CCN 1:
  • cpe:/a:drupal:drupal:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.10:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.11:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:6.12:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7333
    P
    DSA-1930 drupal6 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:13660
    P
    DSA-1930-1 drupal6 -- several vulnerabilities
    2014-06-23
    oval:org.debian:def:1930
    V
    several vulnerabilities
    2009-11-07
    BACK
    drupal drupal *
    drupal drupal 6.0
    drupal drupal 6.2
    drupal drupal 6.1
    drupal drupal 6.3
    drupal drupal 6.4
    drupal drupal 6.5
    drupal drupal 6.6
    drupal drupal 6.9
    drupal drupal 6.7
    drupal drupal 6.10
    drupal drupal 6.11
    drupal drupal 6.12
    debian debian linux 5.0