CERT-In Vulnerability Note
Access Bypass Vulnerability in Mollom Module of Drupal
Original Issue Date: December 14, 2015
Severity Rating: HIGH
- Mollom 6.x-2.x versions 6.x-2.7 through 6.x-2.14.
A vulnerability has been reported in the Mollom module of Drupal which could be exploited by an attacker to bypass security restrictions to conduct further attacks.
The Mollom module allows users to protect their website from spam by creating a blacklist. When a user submits content that matches terms in the blacklist, the content is marked as spam and is rejected as per the site configuration.
The vulnerability exists because the module does not properly check access rights when the site's blacklist is accessed or modified. An attacker may leverage this issue to bypass security restrictions and change or remove the blacklist to conduct further attacks.
Upgrade to the latest version of the Mollom module, 6.x-2.15.
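To check whether an installed copy falls in the affected range listed above, the following added example (not CERT-In's or the Mollom project's code) parses the `version = "..."` line of a module `.info` file and classifies it. It assumes the version line has the form written by drupal.org packaging; the function names and the sample file content are constructed for illustration.

```python
import re

# Affected range and fixed release, taken from this advisory.
AFFECTED_FIRST = (2, 7)    # 6.x-2.7
AFFECTED_LAST = (2, 14)    # 6.x-2.14
FIXED_RELEASE = "6.x-2.15"

# Drupal contrib version: <core>.x-<major>.<patch>[-extra], e.g. 6.x-2.13, 6.x-2.x-dev
_VERSION_RE = re.compile(r'^(\d+)\.x-(\d+)\.(\d+|x)(?:-([A-Za-z0-9.]+))?$')
# The 'version = "6.x-2.13"' line of a .info file (quotes optional).
_INFO_LINE_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.M)


def version_from_info(info_text):
    """Return the version string found in .info file text, or None."""
    m = _INFO_LINE_RE.search(info_text)
    return m.group(1) if m else None


def classify(version):
    """Return 'affected', 'not-listed' or 'unknown' for a Mollom version."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"            # missing or unparseable: review by hand
    core, major, patch, extra = m.groups()
    if core != "6" or major != "2":
        return "not-listed"         # advisory lists only the 6.x-2.x branch
    if patch == "x" or extra:
        return "unknown"            # dev snapshot or pre-release: review by hand
    release = (int(major), int(patch))
    if AFFECTED_FIRST <= release <= AFFECTED_LAST:
        return "affected"
    return "not-listed"


# Constructed sample of a mollom.info file.
SAMPLE_INFO = '''name = Mollom
description = Constructed sample for this example
core = 6.x
version = "6.x-2.13"
'''

if __name__ == "__main__":
    found = version_from_info(SAMPLE_INFO)
    status = classify(found)
    print(f"mollom {found}: {status}")
    if status == "affected":
        print(f"upgrade to {FIXED_RELEASE}")
```

A result of `unknown` means the version could not be compared against the advisory's range and the installation should be checked manually.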
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003