Vulnerability-Lookup

CNVD-2016-01930

Vulnerability from cnvd - Published: 2016-03-31

Title

Drupal Core会话数据劫持漏洞

Description

Drupal是一套用PHP语言开发的免费、开源的内容管理系统。 Drupal Core存在会话数据劫持漏洞。在某些PHP的老版本，用户提供的存储在Drupal的会话数据可能序列化，导致远程代码执行。

Severity

中

Patch Name

Drupal Core会话数据劫持漏洞的补丁

Patch Description

Drupal是一套用PHP语言开发的免费、开源的内容管理系统。 Drupal Core存在会话数据劫持漏洞。在某些PHP的老版本，用户提供的存储在Drupal的会话数据可能序列化，导致远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://www.drupal.org/SA-CORE-2016-001

Reference

https://www.drupal.org/SA-CORE-2016-001

Impacted products

Name
['Drupal core 6.x(<6.38)', 'Drupal core 7.x(<7.43)', 'Drupal core 8.0.x(<8.0.4）']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3171"
    }
  },
  "description": "Drupal\u662f\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal Core\u5b58\u5728\u4f1a\u8bdd\u6570\u636e\u52ab\u6301\u6f0f\u6d1e\u3002\u5728\u67d0\u4e9bPHP\u7684\u8001\u7248\u672c\uff0c\u7528\u6237\u63d0\u4f9b\u7684\u5b58\u50a8\u5728Drupal\u7684\u4f1a\u8bdd\u6570\u636e\u53ef\u80fd\u5e8f\u5217\u5316\uff0c\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "David Jardin of the Joomla Security Team, Damien Tournoud of the Drupal Security Team, Heine Deelstra of the Drupal Security Team",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.drupal.org/SA-CORE-2016-001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01930",
  "openTime": "2016-03-31",
  "patchDescription": "Drupal\u662f\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal Core\u5b58\u5728\u4f1a\u8bdd\u6570\u636e\u52ab\u6301\u6f0f\u6d1e\u3002\u5728\u67d0\u4e9bPHP\u7684\u8001\u7248\u672c\uff0c\u7528\u6237\u63d0\u4f9b\u7684\u5b58\u50a8\u5728Drupal\u7684\u4f1a\u8bdd\u6570\u636e\u53ef\u80fd\u5e8f\u5217\u5316\uff0c\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Drupal Core\u4f1a\u8bdd\u6570\u636e\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Drupal core 6.x(\u003c6.38)",
      "Drupal core  7.x(\u003c7.43)",
      "Drupal core  8.0.x(\u003c8.0.4\uff09"
    ]
  },
  "referenceLink": "https://www.drupal.org/SA-CORE-2016-001",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-29",
  "title": "Drupal Core\u4f1a\u8bdd\u6570\u636e\u52ab\u6301\u6f0f\u6d1e"
}

CVE-2016-3171 (GCVE-0-2016-3171)

Vulnerability from cvelistv5 – Published: 2016-04-12 15:00 – Updated: 2024-08-05 23:47

Summary

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
http://www.openwall.com/lists/oss-security/2016/0…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/0…	mailing-listx_refsource_MLIST
http://www.debian.org/security/2016/dsa-3498	vendor-advisoryx_refsource_DEBIAN
https://www.drupal.org/SA-CORE-2016-001	x_refsource_CONFIRM

Date Public

2016-02-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19"
          },
          {
            "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10"
          },
          {
            "name": "DSA-3498",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/SA-CORE-2016-001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-12T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19"
        },
        {
          "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10"
        },
        {
          "name": "DSA-3498",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/SA-CORE-2016-001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19"
            },
            {
              "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10"
            },
            {
              "name": "DSA-3498",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3498"
            },
            {
              "name": "https://www.drupal.org/SA-CORE-2016-001",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/SA-CORE-2016-001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3171",
    "datePublished": "2016-04-12T15:00:00.000Z",
    "dateReserved": "2016-03-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:47:57.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-01930

CVE-2016-3171 (GCVE-0-2016-3171)

Tags

Sightings

Nomenclature