On February 20th, Drupal released a security update that fixes a critical remote code execution . Detectify scans your site for this and will alert you if you are running a vulnerable version of Drupal.

Drupal RCE  - drupalRCE - What is Drupal RCE – CVE-2019-6340?

What can happen if I’m vulnerable?

The issue (CVE-2019-6340) is a remote code execution vulnerability that allows attackers to take over a Drupal site, accessing all non-public as well as being able to modify or delete it. The vulnerability can be exploited by simply sending one request to the server, which is why it has been assigned a high severity score.

Who is affected by this vulnerability?

Sites that have the Drupal 8 core RESTful Web Services (rest) module enabled.

What should I do if I see this finding in my Detectify report?

Immediately upgrade to the most recent version of Drupal core. If you are running 8.6.x, the latest release is 8.6., and if you are running 8..x or earlier, you should upgrade to 8..11.

The Drupal team has confirmed that exploits for this vulnerability have been developed and that evidence of automated attack has emerged during the weekend. This is why we recommend you to inspect your logs for signs of malicious activity.

How does Detectify check for this?

Shortly after the announcement from Drupal, Detectify received a working proof of concept through from one of our Detectify Crowdsource white hat hackers. This that we can check for the actual vulnerability rather than doing a version check, leading to a more accurate result.

More information

Drupal Public Service Announcement
Drupal Security Advisory

Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP 10 and Drupal vulnerabilities. Start your free 14-day trial today and check for the latest vulnerabilities!

Source link


Please enter your comment!
Please enter your name here