This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:DRUPAL-FORM-RNDR-RCE
|
Severity |
Major
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Drupal Core Form Rendering Remote Code Execution
|
Release Date |
2018/04/17
|
Update Number |
3056
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Drupal Core Form Rendering Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Drupal. A successful attack can lead to arbitrary code execution.
Extended Description
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Affected Products
- Debian debian_linux 7.0
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Drupal drupal 7.57
- Drupal drupal 8.0.0
- Drupal drupal 8.0.1
- Drupal drupal 8.0.2
- Drupal drupal 8.0.3
- Drupal drupal 8.0.4
- Drupal drupal 8.0.5
- Drupal drupal 8.0.6
- Drupal drupal 8.1.0
- Drupal drupal 8.1.1
- Drupal drupal 8.1.10
- Drupal drupal 8.1.2
- Drupal drupal 8.1.3
- Drupal drupal 8.1.4
- Drupal drupal 8.1.5
- Drupal drupal 8.1.6
- Drupal drupal 8.1.7
- Drupal drupal 8.1.8
- Drupal drupal 8.1.9
- Drupal drupal 8.2.0
- Drupal drupal 8.2.1
- Drupal drupal 8.2.2
- Drupal drupal 8.2.3
- Drupal drupal 8.2.4
- Drupal drupal 8.2.5
- Drupal drupal 8.2.6
- Drupal drupal 8.2.7
- Drupal drupal 8.2.8
- Drupal drupal 8.3.0
- Drupal drupal 8.3.1
- Drupal drupal 8.3.2
- Drupal drupal 8.3.3
- Drupal drupal 8.3.4
- Drupal drupal 8.3.5
- Drupal drupal 8.3.6
- Drupal drupal 8.3.7
- Drupal drupal 8.3.8
- Drupal drupal 8.4.0
- Drupal drupal 8.4.1
- Drupal drupal 8.4.2
- Drupal drupal 8.4.3
- Drupal drupal 8.4.4
- Drupal drupal 8.4.5
- Drupal drupal 8.5.0
References