Drupal Multiple Vulnerabilities (SA-2017-001) - Windows

CVE-2017-6377, CVE-2017-6379, CVE-2017-6381

Severity
CVSSv3 Score: 8.1
Vulnerability description

Drupal is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to:
- The Editor module incorrectly checks access to inline private files.
- Some admin paths were not protected with a CSRF token.
- A third-party development library included with Drupal 8 development dependencies is vulnerable to remote code execution.

An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and execute arbitrary code. Failed exploit attempts may result in a denial of service condition.

Recommendation

Upgrade to version 8.2.7 or newer.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 16, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available