DSA-2804-1 drupal7 -- severalID: oval:org.secpod.oval:def:601156 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. In order to avoid the remote code execution vulnerability, it is recommended to create a .htaccess file in each of your sites""files" directories . Please refer to the NEWS file provided with this update and the upstream advisory at https://drupal.org/SA-CORE-2013-003 for further information.