CVE-2017-6381

Опубликовано: 16 мар. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the /vendor/phpunit directory from your production deployments

Ссылки

http://www.securityfocus.com/bid/96919
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038058
https://www.drupal.org/SA-2017-001
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/96919
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038058
https://www.drupal.org/SA-2017-001
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05379

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-829

Связанные уязвимости

CVE-2017-6381

CVSS3: 8.1

ubuntu

больше 8 лет назад

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments

CVE-2017-6381

CVSS3: 8.1

debian

больше 8 лет назад

A 3rd party development library including with Drupal 8 development de ...

GHSA-rhx9-3qf7-r3j7

CVSS3: 8.1

github

около 3 лет назад

Drupal Remote code execution

EPSS

Процентиль: 90%

0.05379

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-829