HTTP: Drupal Core phar stream wrapper Insecure Deserialization

This signature detects attempts to exploit a known vulnerability against Drupal. A successful attack can lead to arbitrary code execution.

Extended Description

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Affected Products

Debian debian_linux

References

CVE: CVE-2019-6339

URL: http://www.zerodayinitiative.com/advisories/zdi-19-130/ https://www.drupal.org/sa-core-2019-002 https://www.zerodayinitiative.com/advisories/zdi-19-130/

Short Name

HTTP:DRUPAL-INSECURE-DESERIAL

Severity

Major

Recommended

True

Recommended Action

Drop

HTTP: Drupal Core phar stream wrapper Insecure Deserialization

Extended Description

Affected Products

References

Found a potential security threat?