  • Advisory ID: DRUPAL-SA-2007-022
  • Project: Boost (third-party module)
  • Version: 4.7.x-1.*, 5.x-0.*
  • Date: 2007-10-03
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Filesystem overwrite

Description

The Boost module provides a static file-based cache of Drupal pages for anonymous users. A vulnerability allows an attacker to create or overwrite any filename in any directory that the web server can write to. The affected file will always contain the fully rendered HTML for a single Drupal page; the attacker cannot control the content of the affected file in any other way.

For example, since most Drupal web servers have write access to the Drupal installation directory, the attacker could replace Drupal's index.php with the HTML of another page of their choosing from the same site, causing every page of the attacked site to appear as the chosen page.
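
A detection check for the outcome described above, added here as an example and not part of the original advisory or the Boost project: it walks a Drupal tree and flags PHP-source files that hold rendered HTML and no <?php tag. The extension list, function names and sample tree are assumptions constructed for illustration; files of other types overwritten the same way are not covered.

```python
import tempfile
from pathlib import Path

# PHP-source extensions used by Drupal 4.7/5 (assumed list for this example).
PHP_EXTS = (".php", ".inc", ".module", ".install", ".engine", ".theme")
HTML_MARKERS = (b"<!doctype", b"<html")


def looks_overwritten(path, max_bytes=1 << 20):
    """True if a PHP-source file holds rendered HTML and no PHP open tag."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes).lower()
    if b"<?php" in data:
        return False  # real source and .tpl.php templates contain an open tag
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:512]
    return any(marker in head for marker in HTML_MARKERS)


def find_overwritten(root):
    """Return suspicious files under a Drupal root, as sorted relative paths."""
    hits = []
    for path in Path(root).rglob("*"):
        is_php = path.name.lower().endswith(PHP_EXTS)
        if not is_php or path.is_symlink() or not path.is_file():
            continue
        try:
            if looks_overwritten(path):
                hits.append(path.relative_to(root).as_posix())
        except OSError:
            continue  # unreadable file: skip it, keep scanning
    return sorted(hits)


def demo():
    samples = {  # constructed sample tree; all contents are made up
        "index.php": b"<!DOCTYPE html>\n<html><body>node 1</body></html>\n",
        "themes/x/page.tpl.php": b"<!DOCTYPE html>\n<html><?php print $content ?></html>\n",
        "cache/node/1.html": b"<html><body>cached page</body></html>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return find_overwritten(root)


if __name__ == "__main__":
    print(demo())
```

Theme templates that begin with a DOCTYPE are not flagged because they still contain a PHP open tag; only files with HTML and no PHP at all are reported.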

Versions affected

  • 5.x:
    • Boost before version 5.x-1.0
  • 4.7.x:
    • Boost before version 4.7.x-1.0

Drupal core is not affected. If you do not use the contributed Boost module, there is nothing you need to do.

Solution

Install the latest version:

Reported by

Barry Jaspan of the Drupal security team.

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.