TTCSIRT-153.080718: TT-CSIRT Advisory – Drupal Security Updates
Drupal has released a security update stating that a vulnerability has been discovered in Drupal ver 8.5.5 and before where within the Symfony Library an attacker can override the path in the request URL via the X-Original-URL or X-Rewrite-URL within the IIS Web Server through the making of a HTTP request header.
Once the override occurs, the attacker will then have the ability to take control of both the webserver and any sites hosted on it.
Further information on this vulnerability and how it can be mitigated can be found on the Drupal Website at https://www.drupal.org/SA-CORE-2018-005 |