|
Message-ID: <CABbbngCzpmXUzKqdP0e8=SH4dEoG2bSKCs+yuuq3hKS8-B1+3Q@mail.gmail.com> Date: Wed, 23 Jul 2014 11:37:38 -0700 From: Forest Monsen <forest.monsen@...il.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, Mitre CVE assign department <cve-assign@...re.org> Subject: Re: CVE Request for Drupal Core On Mon, Jul 21, 2014 at 1:29 AM, Jorge Manuel B. S. Vicetto < jmbsvicetto@...il.com> wrote: > SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities > https://www.drupal.org/SA-CORE-2014-003 > Four issues to examine here: - Denial of service with malicious HTTP Host header (Base system - Drupal 6 and 7 - Critical) - Access bypass (File module - Drupal 7 - Critical) - Cross-site scripting (Form API option groups - Drupal 6 and 7 - Moderately critical) - Cross-site scripting (Ajax system - Drupal 7 - Moderately critical) Best, Forest Monsen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.