SSRF in Guzzle library in Drupal - CVE-2016-5385

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU346

SSRF in Guzzle library in Drupal - CVE-2016-5385

Published: August 27, 2016


Vulnerability identifier: #VU346
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5385
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Drupal
Affected software:
Drupal

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary commands on vulnerable system.

The vulnerability exists due to usage of third-party PHP library Guzzle for performing server-side HTTP requests. A remote attacker can use malicious server that returns a 301 HTTP redirect response to local resource to connect to services within internal network or on localhost.

Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.

Note: this vulnerability is being actively exploited in the wild and is referred as HTTPoxy.


How to mitigate CVE-2016-5385

Install the latest Drupal version 8.1.7:
https://www.drupal.org/project/drupal/releases/8.1.7

Sources