5/18/2023

Drupal 7 exploit

Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the open-source program disclosed the vulnerability, it came under active attack, they said.

So far, the attackers are using proof-of-concept attack code published online that shows one method of exploiting the critical flaw, Drupal security team member Greg Knaddison told Ars. The code has not yet been automated in a way that can target large numbers of sites, in large part because successful exploits require permissions and configuration settings that differ from site to site. So far, Drupal maintainers aren't aware of any successful site take-overs resulting from the vulnerability.

"We have definitely seen proof of concept exploits published online," Knaddison wrote in an e-mail. "It's safe to assume that proof of concept (or others like it) are being used maliciously against individual sites by people who are willing to slowly attack a high value target. It's not yet automated in a way that would let an attacker try it against hundreds of sites."

Now that the vulnerability is actively being exploited, maintainers have raised the severity rating to highly critical. What follows is the post as it was published at 12:24 PM California time, prior to Drupal maintainers' update.

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties.

That severity rating is one notch lower than the so-called "Drupalgeddon2" bug maintainers patched late last month. Formally indexed as CVE-2018-7600, that bug also made it possible for attackers to remotely execute code of their choice on vulnerable servers, in that case simply by accessing a URL and injecting exploit code.