Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2017-6921
HistoryJan 15, 2019 - 9:29 p.m.

Design/Logic Flaw

2019-01-1521:29:00
PRIOn knowledge base
www.prio-n.com
4

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

CPENameOperatorVersion
drupalge8.0.0
drupallt8.3.4

Related

veracode 1
osv 2
github 1
cve 1
nessus 4
openvas 3
freebsd 1
fedora 1
veracode
veracode
Improper File Validation
2017-06-27 06:38:53
osv
osv
Drupal file REST resource does not properly validate
2022-05-13 01:36:23
CVE-2017-6921
2019-01-15 21:29:00
github
github
Drupal file REST resource does not properly validate
2022-05-13 01:36:23
cve
cve
CVE-2017-6921
2019-01-15 21:29:00
nessus
nessus
Drupal 8.x < 8.3.4 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)
2017-06-27 00:00:00
Drupal 7.x < 7.56 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Windows
2017-06-22 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux
2017-06-22 00:00:00
Fedora Update for drupal8 FEDORA-2018-922cc2fbaa
2018-04-25 00:00:00
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON
Related for PRION:CVE-2017-6921
veracode1osv2github1cve1nessus4openvas3freebsd1fedora1