Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:DRUPAL-MUL-SUBSYS-CE

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Drupal Multiple subsystems Remote Code Execution

Release Date

 2018/05/03

Update Number

 3062

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Drupal Multiple subsystems Remote Code Execution


This signature detects attempts to exploit a known vulnerability against Drupal. A successful attack can lead to arbitrary code execution.

Extended Description

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Affected Products

  • Debian debian_linux 7.0
  • Debian debian_linux 8.0
  • Debian debian_linux 9.0
  • Drupal drupal 6.38
  • Drupal drupal 7.0
  • Drupal drupal 7.1
  • Drupal drupal 7.10
  • Drupal drupal 7.11
  • Drupal drupal 7.12
  • Drupal drupal 7.13
  • Drupal drupal 7.14
  • Drupal drupal 7.15
  • Drupal drupal 7.16
  • Drupal drupal 7.17
  • Drupal drupal 7.18
  • Drupal drupal 7.19
  • Drupal drupal 7.2
  • Drupal drupal 7.20
  • Drupal drupal 7.21
  • Drupal drupal 7.22
  • Drupal drupal 7.23
  • Drupal drupal 7.24
  • Drupal drupal 7.25
  • Drupal drupal 7.26
  • Drupal drupal 7.27
  • Drupal drupal 7.28
  • Drupal drupal 7.29
  • Drupal drupal 7.3
  • Drupal drupal 7.30
  • Drupal drupal 7.31
  • Drupal drupal 7.32
  • Drupal drupal 7.33
  • Drupal drupal 7.34
  • Drupal drupal 7.35
  • Drupal drupal 7.36
  • Drupal drupal 7.37
  • Drupal drupal 7.38
  • Drupal drupal 7.39
  • Drupal drupal 7.4
  • Drupal drupal 7.40
  • Drupal drupal 7.41
  • Drupal drupal 7.42
  • Drupal drupal 7.43
  • Drupal drupal 7.44
  • Drupal drupal 7.5
  • Drupal drupal 7.50
  • Drupal drupal 7.51
  • Drupal drupal 7.52
  • Drupal drupal 7.53
  • Drupal drupal 7.54
  • Drupal drupal 7.55
  • Drupal drupal 7.56
  • Drupal drupal 7.57
  • Drupal drupal 7.58
  • Drupal drupal 7.6
  • Drupal drupal 7.7
  • Drupal drupal 7.8
  • Drupal drupal 7.9
  • Drupal drupal 8.4.0
  • Drupal drupal 8.4.1
  • Drupal drupal 8.4.2
  • Drupal drupal 8.4.3
  • Drupal drupal 8.4.4
  • Drupal drupal 8.4.5
  • Drupal drupal 8.4.6
  • Drupal drupal 8.4.7
  • Drupal drupal 8.5.0
  • Drupal drupal 8.5.1
  • Drupal drupal 8.5.2

References

  • CVE: CVE-2018-7602

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out