ID de Prueba:	1.3.6.1.4.1.25623.1.0.810959
Categoría:	Web application abuses
Título:	Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux
Resumen:	Drupal is prone to multiple vulnerabilities.
Descripción:	Summary: Drupal is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. - The file REST resource does not properly validate some fields when manipulating files. - Private files that have been uploaded by an anonymous user but not permanently attached to content on the site is visible to the anonymous user, Drupal core did not provide sufficient protection. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code, get or register a user account on the site with permissions to upload files into a private file system and modify the file resource. Affected Software/OS: Drupal core version 7.x versions prior to 7.56 and 8.x versions prior to 8.3.4. Solution: Upgrade to Drupal core version 7.56 or 8.3.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 99211 BugTraq ID: 99222 BugTraq ID: 99219 Common Vulnerability Exposure (CVE) ID: CVE-2017-6920 http://www.securityfocus.com/bid/99211 http://www.securitytracker.com/id/1038781 Common Vulnerability Exposure (CVE) ID: CVE-2017-6921 http://www.securityfocus.com/bid/99222 Common Vulnerability Exposure (CVE) ID: CVE-2017-6922 http://www.securityfocus.com/bid/99219 Debian Security Information: DSA-3897 (Google Search) https://www.debian.org/security/2017/dsa-3897
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.