cvelistv5 - cve-2018-7600

CVE-2018-7600 (GCVE-0-2018-7600)

Vulnerability from cvelistv5

Published

2018-03-29 07:00

Modified

2025-10-21 23:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

remote code execution

Summary

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

References

URL

Tags

	https://github.com/g0rx/CVE-2018-7600-Drupal-RCE	x_refsource_MISC
	http://www.securitytracker.com/id/1040598	vdb-entry, x_refsource_SECTRACK
	https://twitter.com/arancaytar/status/979090719003627521	x_refsource_MISC
	https://twitter.com/RicterZ/status/979567469726613504	x_refsource_MISC
	https://www.drupal.org/sa-core-2018-002	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_17	x_refsource_CONFIRM
	https://github.com/a2u/CVE-2018-7600	x_refsource_MISC
	https://www.exploit-db.com/exploits/44482/	exploit, x_refsource_EXPLOIT-DB
	https://research.checkpoint.com/uncovering-drupalgeddon-2/	x_refsource_MISC
	https://groups.drupal.org/security/faq-2018-002	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4156	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html	mailing-list, x_refsource_MLIST
	https://www.exploit-db.com/exploits/44448/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/103534	vdb-entry, x_refsource_BID
	https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/	x_refsource_MISC
	https://greysec.net/showthread.php?tid=2912&pid=10561	x_refsource_MISC
	https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714	x_refsource_MISC
	https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know	x_refsource_MISC
	https://twitter.com/RicterZ/status/984495201354854401	x_refsource_MISC
	https://www.exploit-db.com/exploits/44449/	exploit, x_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1	Version: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-7600

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
          },
          {
            "name": "1040598",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040598"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/arancaytar/status/979090719003627521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/RicterZ/status/979567469726613504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2018-002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/a2u/CVE-2018-7600"
          },
          {
            "name": "44482",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44482/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.drupal.org/security/faq-2018-002"
          },
          {
            "name": "DSA-4156",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4156"
          },
          {
            "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
          },
          {
            "name": "44448",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44448/"
          },
          {
            "name": "103534",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/RicterZ/status/984495201354854401"
          },
          {
            "name": "44449",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44449/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-7600",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:40:15.444546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:52.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-7600"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2018-7600 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
            }
          ]
        }
      ],
      "datePublic": "2018-03-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-11T12:57:01.000Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
        },
        {
          "name": "1040598",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040598"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/arancaytar/status/979090719003627521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/RicterZ/status/979567469726613504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/sa-core-2018-002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/a2u/CVE-2018-7600"
        },
        {
          "name": "44482",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44482/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.drupal.org/security/faq-2018-002"
        },
        {
          "name": "DSA-4156",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4156"
        },
        {
          "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
        },
        {
          "name": "44448",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44448/"
        },
        {
          "name": "103534",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/RicterZ/status/984495201354854401"
        },
        {
          "name": "44449",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44449/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@drupal.org",
          "ID": "CVE-2018-7600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
              "refsource": "MISC",
              "url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
            },
            {
              "name": "1040598",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040598"
            },
            {
              "name": "https://twitter.com/arancaytar/status/979090719003627521",
              "refsource": "MISC",
              "url": "https://twitter.com/arancaytar/status/979090719003627521"
            },
            {
              "name": "https://twitter.com/RicterZ/status/979567469726613504",
              "refsource": "MISC",
              "url": "https://twitter.com/RicterZ/status/979567469726613504"
            },
            {
              "name": "https://www.drupal.org/sa-core-2018-002",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/sa-core-2018-002"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_17",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_17"
            },
            {
              "name": "https://github.com/a2u/CVE-2018-7600",
              "refsource": "MISC",
              "url": "https://github.com/a2u/CVE-2018-7600"
            },
            {
              "name": "44482",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44482/"
            },
            {
              "name": "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
              "refsource": "MISC",
              "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
            },
            {
              "name": "https://groups.drupal.org/security/faq-2018-002",
              "refsource": "CONFIRM",
              "url": "https://groups.drupal.org/security/faq-2018-002"
            },
            {
              "name": "DSA-4156",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4156"
            },
            {
              "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
            },
            {
              "name": "44448",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44448/"
            },
            {
              "name": "103534",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103534"
            },
            {
              "name": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
              "refsource": "MISC",
              "url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
            },
            {
              "name": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561",
              "refsource": "MISC",
              "url": "https://greysec.net/showthread.php?tid=2912\u0026pid=10561"
            },
            {
              "name": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
              "refsource": "MISC",
              "url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
            },
            {
              "name": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
              "refsource": "MISC",
              "url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
            },
            {
              "name": "https://twitter.com/RicterZ/status/984495201354854401",
              "refsource": "MISC",
              "url": "https://twitter.com/RicterZ/status/984495201354854401"
            },
            {
              "name": "44449",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44449/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2018-7600",
    "datePublished": "2018-03-29T07:00:00.000Z",
    "dateReserved": "2018-03-01T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:52.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-7600",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-7600",
      "product": "Drupal Core",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.",
      "vendorProject": "Drupal",
      "vulnerabilityName": "Drupal Core Remote Code Execution Vulnerability"
    }
  }
}

CERTFR-2018-ALE-005

Vulnerability from certfr_alerte

Le 28 mars 2018, l'éditeur du système de gestion de contenu Drupal a publié un avis de sécurité concernant une vulnérabilité critique dans Drupal core. L'avis SA-CORE-2018-002 indique que les systèmes Drupal en versions 7.x, 8.5.x, mais également les systèmes n'étant plus supportés (version 8.3.x, 8.4.x et 6), sont affectés par une vulnérabilité hautement critique pouvant mener à la compromission complète d'un site web basé sur Drupal.

Cette vulnérabilité, identifiée en tant que CVE-2018-7600, permettrait à un visiteur d'un site vulnérable d'accéder à toutes les données contenues sur le site, de les modifier et de les supprimer, et ce sans authentification.

Le CERT-FR recommande d'appliquer au plus tôt les correctifs de sécurité mis à disposition par Drupal.

[ Mise à jour du 16 avril 2018]

Le 12 avril 2018, une preuve de concept exploitant la vulnérabilité CVE-2018-7600 a été publiée publiquement sur Github. Depuis, le CERT-FR constate des tentatives d'exploitation.

Au vu de la facilité d'exploitation et de la criticité de cette vulnérabilité, le CERT-FR a décidé de rouvrir l'alerte CERTFR-2018-ALE-005 et rappelle qu'il est nécessaire d'appliquer les correctifs déjà disponibles immédiatement.

[ Mise à jour du 26 avril 2018]

Le 25 avril, l'éditeur de Drupal a publié un nouveau bulletin d'alerte concernant une vulnérabilité similaire à la CVE-2018-7600, la CVE-2018-7602. Cette vulnérabilité permet une exécution de code arbitraire à distance et a été signalée comme exploitée très peu de temps après sa publication. Le CERT-FR conseille l'application immédiate des correctifs fournis par l'éditeur. Il est à noter que l'application des correctifs de la vulnérabilité CVE-2018-7602 nécessite l'installation préalable de ceux de la CVE-2018-7600.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Drupal	Drupal	Drupal versions 8.5.x antérieures à 8.5.3
Drupal	Drupal	Drupal versions 7.x antérieures à 7.59
Drupal	Drupal	Drupal versions 8.4.x antérieures à 8.4.8
Drupal	Drupal	Drupal version 6

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-004 du 25 avril 2018	None	vendor-advisory
Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions Drupal pour l'avis de sécurité SA-CORE-2018-002	None	vendor-advisory
Avis CERT-FR CERTFR-2018-AVI-158 Vulnérabilité dans Drupal	-	other
Billet de blogue Checkpoint	-	other
Billet de blogue SANS	-	other
Avis CERT-FR CERTFR-2018-AVI-204 Vulnérabilité dans Drupal	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal versions 8.5.x ant\u00e9rieures \u00e0 8.5.3",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 7.x ant\u00e9rieures \u00e0 7.59",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal versions 8.4.x ant\u00e9rieures \u00e0 8.4.8",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    },
    {
      "description": "Drupal version 6",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-07-30",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    },
    {
      "name": "CVE-2018-7602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7602"
    }
  ],
  "initial_release_date": "2018-03-29T00:00:00",
  "last_revision_date": "2018-07-30T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-158 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-158"
    },
    {
      "title": "Billet de blogue Checkpoint",
      "url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
    },
    {
      "title": "Billet de blogue SANS",
      "url": "https://isc.sans.edu/forums/diary/Drupal+CVE20187600+PoC+is+Public/23549/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-204 Vuln\u00e9rabilit\u00e9 dans Drupal",
      "url": "http://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-204"
    }
  ],
  "reference": "CERTFR-2018-ALE-005",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    },
    {
      "description": "Modification d\u0027un lien",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Rouverture de l\u0027alerte suite \u00e0 la publication du PoC, ajout de liens",
      "revision_date": "2018-04-16T00:00:00.000000"
    },
    {
      "description": "Ajout de la CVE-2018-7602",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Modification du titre de l\u0027alerte",
      "revision_date": "2018-04-26T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2018-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Le 28 mars 2018, l\u0027\u00e9diteur du syst\u00e8me de gestion de contenu Drupal a\npubli\u00e9 un avis de s\u00e9curit\u00e9 concernant une vuln\u00e9rabilit\u00e9 critique dans\nDrupal core. L\u0027avis SA-CORE-2018-002 indique que les syst\u00e8mes Drupal en\nversions 7.x, 8.5.x, mais \u00e9galement les syst\u00e8mes n\u0027\u00e9tant plus support\u00e9s\n(version 8.3.x, 8.4.x et 6), sont affect\u00e9s par une vuln\u00e9rabilit\u00e9\nhautement critique pouvant mener \u00e0 la compromission compl\u00e8te d\u0027un site\nweb bas\u00e9 sur Drupal.\n\nCette vuln\u00e9rabilit\u00e9, identifi\u00e9e en tant que CVE-2018-7600, permettrait \u00e0\nun visiteur d\u0027un site vuln\u00e9rable d\u0027acc\u00e9der \u00e0 toutes les donn\u00e9es\ncontenues sur le site, de les modifier et de les supprimer, et ce sans\nauthentification.\n\nLe CERT-FR recommande d\u0027appliquer au plus t\u00f4t les correctifs de s\u00e9curit\u00e9\nmis \u00e0 disposition par Drupal.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 16 avril 2018\\]\u003c/strong\u003e\n\nLe 12 avril 2018, une preuve de concept exploitant la vuln\u00e9rabilit\u00e9\nCVE-2018-7600 a \u00e9t\u00e9 publi\u00e9e publiquement sur Github. Depuis, le CERT-FR\nconstate des tentatives d\u0027exploitation.\n\nAu vu de la facilit\u00e9 d\u0027exploitation et de la criticit\u00e9 de cette\nvuln\u00e9rabilit\u00e9, le CERT-FR a d\u00e9cid\u00e9 de rouvrir\nl\u0027alerte\u00a0CERTFR-2018-ALE-005 et rappelle qu\u0027il est n\u00e9cessaire\nd\u0027appliquer les correctifs d\u00e9j\u00e0 disponibles imm\u00e9diatement.\n\n\u003cstrong\u003e\\[ Mise \u00e0 jour du 26 avril 2018\\]\u003c/strong\u003e\n\nLe 25 avril, l\u0027\u00e9diteur de Drupal a publi\u00e9 un nouveau bulletin d\u0027alerte\nconcernant une vuln\u00e9rabilit\u00e9 similaire \u00e0 la CVE-2018-7600, la\nCVE-2018-7602. Cette vuln\u00e9rabilit\u00e9 permet une ex\u00e9cution de code\narbitraire \u00e0 distance et a \u00e9t\u00e9 signal\u00e9e comme exploit\u00e9e tr\u00e8s peu de\ntemps apr\u00e8s sa publication. Le CERT-FR conseille l\u0027application imm\u00e9diate\ndes correctifs fournis par l\u0027\u00e9diteur. Il est \u00e0 noter que l\u0027application\ndes correctifs de la vuln\u00e9rabilit\u00e9 CVE-2018-7602 n\u00e9cessite\nl\u0027installation pr\u00e9alable de ceux de la CVE-2018-7600.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-004 du 25 avril 2018",
      "url": "https://www.drupal.org/sa-core-2018-004"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    },
    {
      "published_at": null,
      "title": "Foire aux questions Drupal pour l\u0027avis de s\u00e9curit\u00e9 SA-CORE-2018-002",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ]
}

CERTFR-2018-AVI-158

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Drupal. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Drupal	Drupal	Drupal toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Drupal SA-CORE-2018-002 du 28 mars 2018	None	vendor-advisory
Foire aux questions sur la vulnérabilités CVE-2018-7600	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Drupal toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Drupal",
        "vendor": {
          "name": "Drupal",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"
    }
  ],
  "initial_release_date": "2018-03-29T00:00:00",
  "last_revision_date": "2018-03-29T00:00:00",
  "links": [
    {
      "title": "Foire aux questions sur la vuln\u00e9rabilit\u00e9s CVE-2018-7600",
      "url": "https://groups.drupal.org/security/faq-2018-002"
    }
  ],
  "reference": "CERTFR-2018-AVI-158",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Drupal. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Drupal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Drupal SA-CORE-2018-002 du 28 mars 2018",
      "url": "https://www.drupal.org/sa-core-2018-002"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-7600 (GCVE-0-2018-7600)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2018-ALE-005

Vulnerability from certfr_alerte

Solution

CERTFR-2018-AVI-158

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature