AVG-744

Package drupal
Status Fixed
Severity Medium
Type access restriction bypass
Affected 8.5.5-1
Fixed 8.5.6-1
Current 8.6.1-1 [community]
Ticket None
Created Thu Aug 2 15:52:00 2018
Issue Severity Remote Type Description
CVE-2018-14773 Medium Yes Access restriction bypass
Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a...
References
https://www.drupal.org/SA-CORE-2018-005