Описание
Drupal arbitrary code execution
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3171
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml
- https://www.drupal.org/SA-CORE-2016-001
- http://www.debian.org/security/2016/dsa-3498
- http://www.openwall.com/lists/oss-security/2016/02/24/19
- http://www.openwall.com/lists/oss-security/2016/03/15/10
Пакеты
drupal/core
>= 6.0, < 6.38
6.38
drupal/drupal
>= 6.0, < 6.38
6.38
Связанные уязвимости
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...