Test ID: | 1.3.6.1.4.1.25623.1.0.810959 |
Category: | Web application abuses |
Title: | Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux |
Summary: | Drupal is prone to multiple vulnerabilities. |
Description: |
Summary: Drupal is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- The PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core.
- The file REST resource does not properly validate some fields when manipulating files.
- Private files that have been uploaded by an anonymous user but not permanently attached to content on the site are visible to the anonymous user; Drupal core did not provide sufficient protection.

Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code, get or register a user account on the site with permissions to upload files into a private file system, and modify the file resource.

Affected Software/OS: Drupal core 7.x versions prior to 7.56 and 8.x versions prior to 8.3.4.

Solution: Upgrade to Drupal core version 7.56 or 8.3.4 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
BugTraq ID: 99211
BugTraq ID: 99222
BugTraq ID: 99219

Common Vulnerability Exposure (CVE) ID: CVE-2017-6920
- http://www.securityfocus.com/bid/99211
- http://www.securitytracker.com/id/1038781

Common Vulnerability Exposure (CVE) ID: CVE-2017-6921
- http://www.securityfocus.com/bid/99222

Common Vulnerability Exposure (CVE) ID: CVE-2017-6922
- http://www.securityfocus.com/bid/99219

Debian Security Information: DSA-3897
- https://www.debian.org/security/2017/dsa-3897 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |