TTCSIRT-153.080718: TT-CSIRT Advisory – Drupal Security Updates
Drupal has released a security update for a vulnerability in Drupal version 8.5.5 and earlier. Within the Symfony library, an attacker can override the path in the request URL by sending an HTTP request with the X-Original-URL or X-Rewrite-URL header used with the IIS web server.
Once the override occurs, the attacker can take control of both the web server and any sites hosted on it.
Further information on this vulnerability and how it can be mitigated can be found on the Drupal website at https://www.drupal.org/SA-CORE-2018-005
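The header override described above, as an added example that is not part of the original advisory and is not Drupal or Symfony code: a simplified Python model of a front end that drops the two headers before forwarding and flags requests where a header names a different path than the request line. The function names, sample paths and host names are assumptions constructed for illustration.

```python
# Added illustration: simplified model, not Drupal or Symfony code.
from urllib.parse import urlsplit

OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")

def _normalize(headers):
    """Lower-case header names so lookups are case-insensitive."""
    return {k.lower(): v for k, v in headers.items()}

def effective_path(request_target, headers, honor_override):
    """Path the application routes on.

    honor_override=True models the affected behaviour the advisory
    describes; False models an application that ignores the headers.
    """
    h = _normalize(headers)
    if honor_override:
        for name in OVERRIDE_HEADERS:
            if h.get(name):
                return urlsplit(h[name]).path
    return urlsplit(request_target).path

def strip_override_headers(headers):
    """Mitigation at a front end: drop the headers before forwarding."""
    return {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}

def flag_path_mismatch(request_target, headers):
    """Detection: override headers whose path differs from the request line."""
    h = _normalize(headers)
    line_path = urlsplit(request_target).path
    return [n for n in OVERRIDE_HEADERS
            if n in h and urlsplit(h[n]).path != line_path]

# Constructed sample requests (paths, hosts and header values are made up).
SAMPLES = [
    ("/node/1", {"Host": "example.test"}),
    ("/node/1", {"Host": "example.test", "X-Original-URL": "/restricted/page"}),
    ("/node/1", {"Host": "example.test", "X-Rewrite-URL": "/node/1"}),
]

def report():
    """Return (request_target, flagged_headers, routed_path_after_strip)."""
    rows = []
    for target, headers in SAMPLES:
        clean = strip_override_headers(headers)
        rows.append((target, flag_path_mismatch(target, headers),
                     effective_path(target, clean, honor_override=True)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

Stripping the headers at the front end is a stopgap in this model; the advisory's update remains the fix.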