Test ID: | 1.3.6.1.4.1.25623.1.0.810959 |
Category: | Web application abuses |
Title: | Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux |
Summary: | Drupal is prone to multiple vulnerabilities. |
Description: |
Summary: Drupal is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- The PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core.
- The file REST resource does not properly validate some fields when manipulating files.
- Private files that have been uploaded by an anonymous user but not permanently attached to content on the site are visible to the anonymous user; Drupal core did not provide sufficient protection.

Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code, get or register a user account on the site with permissions to upload files into a private file system, and modify the file resource.

Affected Software/OS: Drupal core 7.x versions prior to 7.56 and 8.x versions prior to 8.3.4.

Solution: Upgrade to Drupal core version 7.56 or 8.3.4 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
BugTraq ID: 99211
BugTraq ID: 99222
BugTraq ID: 99219
Common Vulnerability Exposure (CVE) ID: CVE-2017-6920
http://www.securityfocus.com/bid/99211
http://www.securitytracker.com/id/1038781
Common Vulnerability Exposure (CVE) ID: CVE-2017-6921
http://www.securityfocus.com/bid/99222
Common Vulnerability Exposure (CVE) ID: CVE-2017-6922
http://www.securityfocus.com/bid/99219
Debian Security Information: DSA-3897
https://www.debian.org/security/2017/dsa-3897 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |