Описание
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| drupal7 | not-affected | package | ||
| drupal6 | removed | package | ||
| drupal6 | end-of-life | squeeze | package |
Примечания
https://www.drupal.org/SA-CORE-2016-001
https://www.openwall.com/lists/oss-security/2016/02/24/19
EPSS
Процентиль: 91%
0.07448
Низкий
Связанные уязвимости
CVSS3: 8.1
ubuntu
больше 9 лет назад
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
CVSS3: 8.1
nvd
больше 9 лет назад
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
EPSS
Процентиль: 91%
0.07448
Низкий