CVE-2017-6381 Vulnerability Details

  /     /     /  

CVE-2017-6381 Metadata Quick Info

CVE Published: 16/03/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: drupal | Vendor: Drupal | Product: Drupal Core
Status : PUBLISHED

CVE-2017-6381 Description

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren\'t normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren\'t vulnerable, you can remove the /vendor/phpunit directory from your production deployments

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Remote code execution
Source: Drupal

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2017-6381 Vulnerability Details