SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Drupal 8 remote code execution attempt
CVE-2018-7600 is an issue with Drupal < 7.58 and < 8.51 where improper validation and sanitizing of internal Drupal attributes can lead to remote code execution on an affected system.
This event is generated when an attempt to exploit CVE-2018-7600 is detected.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-7600Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org