SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Drupal 8 remote code execution attempt
This event is generated when an attempt to exploit CVE-2018-7600 is detected.
Attempted Administrator Privilege Gain
CVE-2018-7600 is an issue in Drupal < 7.58 and < 8.5.1 where improper validation and sanitization of internal Drupal attributes can lead to remote code execution on an affected system.
Ease of Attack:
Simple; public PoCs are available.
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.