vulnerability http://drupal.sh/taxonomy/term/52 en Drupal Critical Vulnerabilities Exploit (SA-CORE-2018-002) http://drupal.sh/drupal-critical-vulnerability-exploit-sa-core-2018-002 <span property="schema:name" class="field field--name-title field--type-string field--label-hidden">Drupal Critical Vulnerabilities Exploit (SA-CORE-2018-002)</span> <div class="field field--name-field-image field--type-image field--label-hidden field__item"> <img property="schema:image" src="http://drupal.sh/sites/default/files/styles/large/public/2018-03/drupaal.jpg?itok=WF_SLFiH" width="480" height="360" alt="Drupal Critical Vulnerability Exploit (SA-CORE-2018-002)" typeof="foaf:Image" class="image-style-large" /></div> <div property="schema:text" class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Drupal is a content management system often used for Enterprise Content Management Projects. The tool is large and has integrated features such as a database entity system, which leaves it open to lots of attack vectors because of the large API surface.Without a central authority like <strong>Acquia</strong> handling security updates, things can be difficult to patch and there will be vulnerable installs as was the case with Drupalgeddon in 2014.</p> <p>On March 28th the Drupal Security team announced multiple vulnerabilities in supported Drupal Versions 7 and 8. The vulnerability lies deep in the Core of Drupal CMS and thus makes every Drupal installation vulnerable. The exact nature of the vulnerability is not known, but it is likely that the vulnerability will allow access to the filesystem or database.</p> <p>The individual issues in this batch of security issues in Drupal versions 7 an 8 are:</p> <ul><li> <h4>Comment reply form allows access to restricted content - Critical - Drupal 8 - CVE-2017-6926</h4> </li> <li> <h4>JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8 - CVE-2017-6927</h4> </li> <li> <h4>Private file access bypass - Moderately Critical - Drupal 7 - CVE-2017-6928</h4> </li> <li> <p>jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7 - CVE-2017-6929</p> </li> <li> <p>Language fallback can be incorrect on multilingual sites with node access restrictions - Moderately Critical - Drupal 8 - CVE-2017-6930</p> </li> <li> <h4>Settings Tray access bypass - Moderately Critical - Drupal 8 - CVE-2017-6931</h4> </li> <li> <h4>External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7 - CVE-2017-6932</h4> </li> </ul><p><img alt="Drupalgeddon Redux" data-entity-type="file" data-entity-uuid="bb278326-86a6-4cf1-967c-5ae4cdb09866" src="http://drupal.sh/sites/default/files/inline-images/drupaauul2.jpg" style="max-width:480px;margin:2em;" class="align-right" /></p> <p>By exploiting Drupal vulnerabilities attackers can make sensitive user data available publicly. This is similar to what happened when <a href="https://drupal.sh/drupal-panama-papers-leaks-mossack-fonseca">a vulnerable version of Drupal was used at Mossack Fonseca</a>, leading to the largest financial papers leak in the history of man. Drupal is not a capable platform for sophisticated applications like Facebook, so similar large scale personal data leak such as the Cambridge Analytica leak is not possible.</p> <p>Popular web application platforms like Drupal are well known and widely deployed, making them easy to exploit. As opposed to the Meltdown and Spectre vulnerabilities, which required expertise. The Drupal vulnerability is much easier to exploit as the upgrade process is not prompted automatically, and machines are always connected. This is a downside of popular platforms, especially ones that can be crawled automatically as WordPress bots are often working.</p> <p>More details from Drupal.org site: https://www.drupal.org/sa-core-2018-001</p> </div> <span rel="schema:author" class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="http://drupal.sh/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">dryer</span></span> <span property="schema:dateCreated" content="2018-03-28T18:09:08+00:00" class="field field--name-created field--type-created field--label-hidden">Wed, 03/28/2018 - 18:09</span> <div class="field field--name-field-tags field--type-entity-reference field--label-above clearfix"> <h3 class="field__label">Tags</h3> <ul class="links field__items"><li><a href="http://drupal.sh/taxonomy/term/1" property="schema:about" hreflang="en">drupal</a></li> <li><a href="http://drupal.sh/taxonomy/term/51" property="schema:about" hreflang="en">exploit</a></li> <li><a href="http://drupal.sh/taxonomy/term/52" property="schema:about" hreflang="en">vulnerability</a></li> </ul></div> <section rel="schema:comment" class="field field--name-comment field--type-comment field--label-above comment-wrapper"></section><div class="node__links"> <ul class="links inline"><li class="comment-forbidden"><a href="http://drupal.sh/user/login?destination=/drupal-critical-vulnerability-exploit-sa-core-2018-002%23comment-form">Log in</a> to post comments</li></ul></div> Wed, 28 Mar 2018 18:09:08 +0000 dryer 57 at http://drupal.sh