In association with heise online

30 April 2009, 11:51

Security Update for Drupal


The developers of the Drupal content management system have released versions 5.17 and 6.11 to close a cross-site scripting vulnerability. The vulnerability can only be exploited if a browser interprets valid UTF-8 byte sequences as UTF-7; read that way, otherwise harmless sequences can become potentially dangerous. According to the report, the affected browsers can include Internet Explorer 6 and, in certain cases, Internet Explorer 7.
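The effect described above can be reproduced with a short check. This is an added example, not code from Drupal or from the advisory: it decodes one constructed byte string both ways and flags UTF-7 shifted runs that turn into HTML-significant characters. The function names and the sample string are assumptions made for illustration.

```python
import base64
import re

# Characters that change meaning in an HTML context.
HTML_SIGNIFICANT = set("<>\"'&")

# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
UTF7_RUN = re.compile(rb"\+([A-Za-z0-9+/]+)-?")

# Constructed sample: plain ASCII, so also valid UTF-8, with no literal markup.
SAMPLE = b"Title: +ADw-b+AD4-bold+ADw-/b+AD4-"


def compare_decodings(body: bytes) -> tuple[str, str]:
    """Return the text as a UTF-8 reader and as a UTF-7 reader would see it."""
    return body.decode("utf-8"), body.decode("utf-7")


def decode_utf7_run(b64: bytes) -> str:
    """Decode one shifted run: base64 without padding, carrying UTF-16BE."""
    raw = base64.b64decode(b64 + b"=" * (-len(b64) % 4))
    raw = raw[: len(raw) - len(raw) % 2]  # drop a trailing partial code unit
    return raw.decode("utf-16-be", errors="replace")


def find_utf7_markup(body: bytes) -> list[tuple[int, str]]:
    """Return (offset, decoded) for runs that decode to HTML-significant characters."""
    hits = []
    for match in UTF7_RUN.finditer(body):
        try:
            decoded = decode_utf7_run(match.group(1))
        except ValueError:  # not valid base64, e.g. the '+' in "1+1=2"
            continue
        if HTML_SIGNIFICANT & set(decoded):
            hits.append((match.start(), decoded))
    return hits


if __name__ == "__main__":
    as_utf8, as_utf7 = compare_decodings(SAMPLE)
    print("UTF-8 reading:", as_utf8)
    print("UTF-7 reading:", as_utf7)
    for offset, decoded in find_utf7_markup(SAMPLE):
        print(f"offset {offset}: shifted run decodes to {decoded!r}")
```

A filter that only looks for literal `<` and `>` in the UTF-8 text passes this sample unchanged, which is why the same bytes are harmless under one decoding and markup under the other.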

The new versions also fix a bug that allowed abuse through cross-site request forgery. Update patches are available for the problems, and the developers have published several advisories on vulnerabilities in third-party extension modules.
