Rapid7 Vulnerability & Exploit Database

Drupal: CVE-2017-6381: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Drupal: CVE-2017-6381: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

03/16/2017

Created

07/25/2018

Added

09/18/2017

Modified

11/05/2019

Description

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments

Solution(s)

drupal-upgrade-8_2_7

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Drupal: CVE-2017-6381: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001

Drupal: CVE-2017-6381: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.