|Category:||Web application abuses|
|Title:||Drupal Core Access Bypass Vulnerability (SA-CORE-2017-002)-Windows|
|Summary:||This host is running Drupal and is prone; to access bypass vulnerability.|
This host is running Drupal and is prone
to access bypass vulnerability.
Drupal has released an advisory to address
access bypass vulnerability in Drupal core.
A site is only affected by this if all of the following conditions are met:
The site has the RESTful Web Services (rest) module enabled.
The site allows PATCH requests.
An attacker can get or register a user account on the site.
Successful exploitation will allow remote
attackers to to obtain sensitive information.
Impact Level: Application
Drupal version 8 prior to 8.2.8 and 8.3.1
Upgrade to version 8.2.8, 8.3.1 or later.
For updates refer to https://www.drupal.org
Common Vulnerability Exposure (CVE) ID: CVE-2017-6919|
BugTraq ID: 97941
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.