SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Drupal 8 remote code execution attempt
CVE-2018-7600 is an issue with Drupal < 7.58 and < 8.51 where improper validation and sanitizing of internal Drupal attributes can lead to remote code execution on an affected system.
What To Look For
This event is generated when an attempt to exploit CVE-2018-7600 is detected.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-7600Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
||Ease of Access||