CVE-2011-2687

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2011-2687 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Sascha Grossenbacher, Khaled Alhourani, and Ben Ford..

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2011-2687

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Drupal 7.x only.

Listings showing nodes but not JOINing the node table show all nodes regardless of restrictions imposed by the node_access system. In core, this affects the taxonomy and the forum subsystem.

This issue only affects sites using a node access module such as content access or forum access. If you do not use any node access system then your site is not affected by this vulnerability. It is still considered a best practice to run the latest release and all site owners are encouraged to upgrade when they can regardless of whether or not they are affected.

Note that fixing this issue in contributed modules requires a backwards-compatible API change for modules listing nodes. See http://drupal.org/node/1204572 for more details.

This issue affects Drupal 7.x only.

Vendor Status:
Drupal issued an update for this vulnerability

Patch Availability:
http://drupal.org/node/1204582

CVE Information:
CVE-2011-2687

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus