what you don't know can hurt you

Drupal Table Of Contents 6.x Access Bypass

Drupal Table Of Contents 6.x Access Bypass
Posted Nov 15, 2012
Authored by Alexis Wilke, Erik Webb | Site drupal.org

Drupal Table of Contents third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 0c5a26c93b62480d1a16d3559a255cf1

Drupal Table Of Contents 6.x Access Bypass

Change Mirror Download
View online: http://drupal.org/node/1841046

* Advisory ID: DRUPAL-SA-CONTRIB-2012-166
* Project: Table of Contents [1] (third-party module)
* Version: 6.x
* Date: 2012-November-14
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass

-------- DESCRIPTION
---------------------------------------------------------

This module enables you to generates a list of select header tags in a box
that looks like a table of contents or summary. The links added to that box
point to the headers so users can quickly access each section of your
documents.

The module doesn't sufficiently check for node access restrictions when
displaying the table of contents in a block.

This vulnerability is mitigated by the fact that an attacker must find a node
that is not visible to him/her and yet displays its blocks including the
table of contents block. In some Drupal installations, this can happen for
unpublished nodes. Also, the attacker will only see the headers (content
between H1 to H6 tags) appearing in the table of contents, not the entire
page.

CVE: Requested

-------- VERSIONS AFFECTED
---------------------------------------------------

* tableofcontents 6.x-3.x versions prior to 6.x-3.8.

Drupal core is not affected. If you do not use the contributed Table of
Contents [3] module, there is nothing you need to do.

-------- SOLUTION
------------------------------------------------------------

Install the latest version:

* If you use the table of contents module for Drupal 6.x, upgrade to
tableofcontents 6.x-3.8 [4]

Also see the Table of Contents [5] project page.

-------- REPORTED BY
---------------------------------------------------------

* Erik Webb [6]

-------- FIXED BY
------------------------------------------------------------

* Erik Webb [7] the reporter
* Alexis Wilke [8] the Drupal 6.x maintainer

-------- COORDINATED BY
------------------------------------------------------

* Greg Knaddison [9] of the Drupal Security Team

-------- CONTACT AND MORE INFORMATION
----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].


[1] http://drupal.org/project/tableofcontents
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/tableofcontents
[4] http://drupal.org/node/1841026
[5] http://drupal.org/project/tableofcontents
[6] http://drupal.org/user/273404
[7] http://drupal.org/user/273404
[8] http://drupal.org/user/356197
[9] http://drupal.org/user/36762
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration

Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close