What about this code hiccup (is there a vulnerability?):
jQuery to be retired. What about this code?
// $Id: poormanscron.js,v 1.1.2.3 2010/01/17 00:27:52 davereid Exp $
(function ($) {

  /**
   * Checks to see if the cron should be automatically run.
   */
  Drupal.behaviors.cronCheck = function(context) {
    if (Drupal.settings.cron.runNext || false) {
      $('body:not(.cron-check-processed)', context).addClass('cron-check-processed').each(function() {
        // Only execute the cron check if it's the right time.
        if (Math.round(new Date().getTime() / 1000.0) >= Drupal.settings.cron.runNext) {
          // Fire-and-forget GET request to the module's cron check path.
          $.get(Drupal.settings.cron.basePath + '/run-cron-check');
        }
      });
    }
  };

})(jQuery);
See analysis:
[decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable Drupal
error: undefined variable Drupal.behaviors
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var Drupal.behaviors = 1;
error: line:1: ....^
Where did we meet this?
http://nieuws.kuleuven.be/node/10871
Detected libraries:
jquery - 1.3.2 : (active1)
http://nieuws.kuleuven.be/sites/all/modules/jquery_update/replace/jquery.js?9
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Suspicious code, exceeding runtime = nieuws.kuleuven.be/sites/all/modules/update/replace/jquery.js?9
Excessive server info proliferation: Apache/2.2.15 (CentOS) Server at nieuws.kuleuven.be Port 80
Various undefined variables detected in the script code.
error: undefined variable Drupal
error: undefined variable Drupal.behaviors
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var Drupal.behaviors = 1;
error: line:1: ....^
Thanks to Steven Winderlich for reporting to me,
pol