CVE-2016-3171

HIGH8.1EPSS 8.2%

Drupal arbitrary code execution

發布日:2022/5/17修改日:2024/4/23

描述

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

受影響套件(2)

Packagist/drupal/core>= 6.0, < 6.38
Packagist/drupal/drupal>= 6.0, < 6.38

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(8)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-3171
PATCHhttps://github.com/drupal/core
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml
WEBhttps://www.drupal.org/SA-CORE-2016-001
WEBhttp://www.debian.org/security/2016/dsa-3498
WEBhttp://www.openwall.com/lists/oss-security/2016/02/24/19
WEBhttp://www.openwall.com/lists/oss-security/2016/03/15/10