The Latest in IT Security

Drupal Patches Flaw Exploited in Spam Campaigns

22
Jun
2017

security-breaches-600x400

Drupal security updates released on Wednesday address several vulnerabilities, including one that has been exploited in spam campaigns.

The flaw exploited in the wild, patched with the release of Drupal versions 7.56 and 8.3.4, is a moderately critical access bypass vulnerability tracked as CVE-2017-6922.

The problem is that files uploaded by anonymous users to a private file system can be accessed by all anonymous users, not just the user who uploaded them, as it should be. The security hole only affects websites that allow anonymous users to upload files to a private file system.

Related posts:
  1. Drupal 7.27 and 6.31 Released to Fix Information Disclosure Vulnerability
  2. Drupal and WordPress Coordinate Security Updates to Fix DoS Flaw
  3. Old Drupal Flaw Still Used to Hack Websites
  4. Samba Patches Code Execution Flaw Introduced in 2010
  5. Critical Vulnerabilities Fixed in Drupal 7.29 and 6.32

Read More

Tags:  
Written by Feedproxy
0 Comments

Leave a reply


Categories

THURSDAY, APRIL 18, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments