SID 1-46451

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt

Rule Explanation

This event is generated when an attacker attempts to exploit CVE-2018-7602. Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2018-7600 CVE-2018-7602

Additional Links

www.drupal.org/sa-core-2018-002

www.drupal.org/sa-core-2018-004

Rule Vulnerability

CVE Additional Information

CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Details
Severity		Base Score
Impact Score		Exploit Score
Confidentiality Impact		Integrity Impact
Availability Impact		Access Vector
Authentication		Ease of Access

CVE-2018-7602

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Details
Severity		Base Score	9.8
Impact Score	5.9	Exploit Score	3.9
Confidentiality Impact	HIGH	Integrity Impact	HIGH
Availability Impact	HIGH	Access Vector
Authentication		Ease of Access