[Security-news] SA-CONTRIB-2009-056 - Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API with vulnerabilities, now abandoned
security-news at drupal.org
security-news at drupal.org
Wed Sep 9 17:35:00 UTC 2009
* Advisory ID: DRUPAL-SA-CONTRIB-2009-056
* Project: Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest
API (third-party modules)
* Version: 5.x, 6.x
* Date: 2009 Sept 9
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities
-------- DESCRIPTION
---------------------------------------------------------
Multiple vulnerabilities have been found in the following modules which have
been abandoned. Their releases have been unpublished and it is recommended
that they be disabled and un-installed if in use.
-------- MODULES
-------------------------------------------------------------
* Node2Node [1]
* Node Browser [2]
* Subdomain Manager [3]
* Quota by role [4]
* Rest API [5]
Drupal core is not affected. If you do not use any of these contributed
modules, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
There is no solution available. It is recommended that you disable any of the
vulnerable modules if they are in use on your site.
-------- CONTACT
-------------------------------------------------------------
The security contact for Drupal can be reached at security at drupal.org or
via the form at http://drupal.org/contact.
[1] http://drupal.org/project/node2node
[2] http://drupal.org/project/node_browser
[3] http://drupal.org/project/subdomain_manager
[4] http://drupal.org/project/quota_by_role
[5] http://drupal.org/project/restapi
More information about the Security-news
mailing list