ET WEB_SPECIFIC_APPS Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)

SID: 2025534Rev: 30 viewsHistory

Sourceet/open

CreatedApril 26, 2018

UpdatedAugust 25, 2020

Classificationattempted-admin

alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"user/password"; pcre:"/(?:%(?:25)?23|#)\s*(access_callback|pre_render|post_render|lazy_builder)/"; http.request_body; content:"_triggering_element_name"; reference:cve,2018-7600; reference:url,research.checkpoint.com/uncovering-drupalgeddon-2; classtype:attempted-admin; sid:2025534; rev:3; metadata:affected_product Drupal_Server, attack_target Web_Server, created_at 2018_04_26, deployment Datacenter, confidence High, signature_severity Minor, tag drupalgeddon, tag CISA_KEV, updated_at 2020_08_25;)

References

cve	2018-7600
url	research.checkpoint.com/uncovering-drupalgeddon-2

Metadata

affected productDrupal_Server

attack targetWeb_Server

created at2018_04_26

deploymentDatacenter

confidenceHigh

signature severityMinor

tagCISA_KEV

updated at2020_08_25

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!