Описание
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| drupal7 | not-affected | package | ||
| drupal6 | removed | package | ||
| drupal6 | end-of-life | squeeze | package |
Примечания
https://www.drupal.org/SA-CORE-2016-001
https://www.openwall.com/lists/oss-security/2016/02/24/19
Связанные уязвимости
CVSS3: 8.1
ubuntu
почти 10 лет назад
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
CVSS3: 8.1
nvd
почти 10 лет назад
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
