{"uuid": "5600e5d0-97b2-4a86-8daf-b51ee17b48f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-7600", "type": "exploited", "source": "https://t.me/information_security_channel/15484", "content": "Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks\nhttp://feedproxy.google.com/~r/Securityweek/~3/Vo9k44R8cho/drupalgeddon-critical-flaw-exposes-million-drupal-websites-attacks\n\nAll versions of the Drupal content management system are affected by a highly critical vulnerability that can be easily exploited to take complete control of affected websites in what may turn out to be Drupalgeddon (https://www.securityweek.com/security-advisory-assume-every-drupal-7-site-was-compromised-unless-patched-immediately) 2.0.\nWhile analyzing the security of Drupal, Jasper Mattsson discovered a serious remote code execution flaw that impacts versions 6, 7 and 8. This represents more than one million websites that can be hacked by a remote and unauthenticated attacker.\nThe security hole, tracked as CVE-2018-7600 and assigned a risk score of 21/25, can be exploited simply by accessing a page on the targeted Drupal website. Once exploited, it gives the attacker full control over a site, including access to non-public data and the possibility to delete or modify system data, Drupal developers warned (https://groups.drupal.org/security/faq-2018-002).\nThe vulnerability has been patched with the release of Drupal 7.58, 8.5.1, 8.3.9 and 8.4.6. While Drupal 6 has reached end of life and has not been supported since February 2016, a fix has still been developed due to the severity of the flaw and the high risk of exploitation.\nBesides updating their installations to the latest version, users can protect their websites against attacks by making some changes to the site\u2019s configuration. However, the required changes are \u201cdrastic.\u201d\n\u201cThere are several solutions, but they are all based on the idea of not serving the vulnerable Drupal pages to visitors. Temporarily replacing your Drupal site with a static HTML page is an effective mitigation. For staging or development sites you could disable the site or turn on a \u2018Basic Auth\u2019 password to prevent access to the site,\u201d Drupal developers said.\nCloudflare also announced that it has pushed out a rule to its Web Application Firewall (WAF) to block potential attacks.\nWhile no technical details have been made public, Drupal believes that exploits targeting the vulnerability will be created within hours or days, which is why it alerted (https://www.securityweek.com/drupal-patch-highly-critical-vulnerability-week) users of the flaw and an upcoming patch one week in advance. This appears to have been a good strategy, but many websites may still remain vulnerable for extended periods of time.", "creation_timestamp": "2018-03-29T07:45:13.000000Z"}