HTTP: Drupal Core Form Rendering Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Drupal. A successful attack can lead to arbitrary code execution.
Extended Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Affected Products
Drupal drupal
References
BugTraq: 103534
CVE: CVE-2018-7600
URL: https://www.exploit-db.com/exploits/44448/ https://www.drupal.org/sa-core-2018-002
Short Name
HTTP:DRUPAL-FORM-RNDR-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-7600 Code Core Drupal Execution Form Remote Rendering bid:103534
Release Date
04/17/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Drupal
Debian
CVSS Score
7.5