Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4180.NASL
HistoryApr 26, 2018 - 12:00 a.m.

Debian DSA-4180-1 : drupal7 - security update (Drupalgeddon 2)

2018-04-2600:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4180. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(109349);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/26");

  script_cve_id("CVE-2018-7602");
  script_xref(name:"DSA", value:"4180");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");

  script_name(english:"Debian DSA-4180-1 : drupal7 - security update (Drupalgeddon 2)");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A remote code execution vulnerability has been found in Drupal, a
fully-featured content management framework. For additional
information, please refer to the upstream advisory at
https://www.drupal.org/sa-core-2018-004"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.drupal.org/sa-core-2018-004"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/drupal7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/drupal7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/drupal7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4180"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the drupal7 packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u12.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u4."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7602");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Drupal 7 SA-CORE-2018-004 RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/26");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"drupal7", reference:"7.32-1+deb8u12")) flag++;
if (deb_check(release:"9.0", prefix:"drupal7", reference:"7.52-2+deb9u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxdrupal7p-cpe:/a:debian:debian_linux:drupal7
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Related

osv 5
exploitpack 2
nessus 8
ibm 1
zdt 2
ubuntucve 1
openvas 18
cve 1
debian 3
packetstorm 2
github 1
nuclei 1
cisa_kev 1
alpinelinux 1
fedora 14
seebug 1
prion 1
attackerkb 1
archlinux 1
debiancve 1
f5 1
drupal 1
checkpoint_advisories 1
dsquare 1
threatpost 1
exploitdb 1
thn 2
impervablog 1
veracode 1
malwarebytes 1
ubuntu 1
fireeye 1
kitploit 1
osv
osv
CVE-2018-7602
2018-07-19 17:29:00
drupal7 - security update
2018-04-25 00:00:00
drupal7 - security update
2018-04-26 00:00:00
exploitpack
exploitpack
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)
2018-04-30 00:00:00
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code Execution (PoC)
2018-04-25 00:00:00
nessus
nessus
Fedora 27 : drupal7 (2018-b9ad458866) (Drupalgeddon 2)
2018-05-11 00:00:00
Fedora 26 : drupal7 (2018-2359c2ae0e) (Drupalgeddon 2)
2018-05-11 00:00:00
Drupal 7.x < 7.59 / 8.4.x < 8.4.8 / 8.5.x < 8.5.3 Remote Code Execution Vulnerability (SA-CORE-2018-004)
2018-04-25 00:00:00
ibm
ibm
Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602)
2018-06-15 07:09:14
zdt
zdt
Drupal < 7.58 - drupalgeddon3 Authenticated Remote Code Execution (PoC) Exploit
2018-04-26 00:00:00
Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit
2018-05-01 00:00:00
ubuntucve
ubuntucve
CVE-2018-7602
2018-07-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4180-1)
2018-04-24 00:00:00
Debian: Security Advisory (DLA-1365-1)
2018-04-26 00:00:00
Fedora Update for drupal7 FEDORA-2018-18023f40fa
2018-12-04 00:00:00
cve
cve
CVE-2018-7602
2018-07-19 17:29:00
debian
debian
[SECURITY] [DLA 1365-1] drupal7 security update
2018-04-26 09:28:04
[SECURITY] [DSA 4180-1] drupal7 security update
2018-04-25 20:13:52
[SECURITY] [DSA 4180-1] drupal7 security update
2018-04-25 20:13:52
packetstorm
packetstorm
Drupal drupgeddon3 Remote Code Execution
2018-04-26 00:00:00
Drupalgeddon3 Remote Code Execution
2018-04-30 00:00:00
github
github
Drupal Core Remote Code Execution Vulnerability
2024-04-23 22:36:09
nuclei
nuclei
Drupal - Remote Code Execution
2022-02-04 19:09:58
cisa_kev
cisa_kev
Drupal Core Remote Code Execution Vulnerability
2022-04-13 00:00:00
alpinelinux
alpinelinux
CVE-2018-7602
2018-07-19 17:29:00
fedora
fedora
[SECURITY] Fedora 28 Update: drupal7-7.59-1.fc28
2018-05-05 20:37:11
[SECURITY] Fedora 28 Update: drupal7-7.64-1.fc28
2019-03-06 15:28:58
[SECURITY] Fedora 28 Update: drupal7-7.60-2.fc28
2018-12-03 01:39:08
seebug
seebug
Drupal core Remote Code Execution(CVE-2018-7602)
2018-04-26 00:00:00
prion
prion
Remote code execution
2018-07-19 17:29:00
attackerkb
attackerkb
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
2018-07-19 00:00:00
archlinux
archlinux
[ASA-201804-10] drupal: arbitrary command execution
2018-04-27 00:00:00
debiancve
debiancve
CVE-2018-7602
2018-07-19 17:29:00
f5
f5
K59591931 : Drupal vulnerability CVE-2018-7602
2018-04-30 00:00:00
drupal
drupal
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
2018-04-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Drupal Core Remote Code Execution (CVE-2018-7602)
2018-04-26 00:00:00
dsquare
dsquare
Drupal 7 SA-CORE-2018-004 RCE
2018-05-08 00:00:00
threatpost
threatpost
Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2
2018-04-24 18:34:37
exploitdb
exploitdb
Drupal &lt; 7.58 - &#039;Drupalgeddon3&#039; (Authenticated) Remote Code (Metasploit)
2018-04-30 00:00:00
thn
thn
Third Critical Drupal Flaw Discoveredโ€”Patch Your Sites Immediately
2018-04-25 16:41:00
Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack
2018-04-26 12:32:00
impervablog
impervablog
The State of Web Application Vulnerabilities in 2018
2019-01-09 14:00:26
veracode
veracode
Remote Code Execution (RCE)
2018-04-26 10:18:46
malwarebytes
malwarebytes
A look into Drupalgeddonโ€™s client-side attacks
2018-05-18 15:00:00
ubuntu
ubuntu
Drupal vulnerabilities
2021-03-15 00:00:00
fireeye
fireeye
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation โ€” Intelligence for Vulnerability Management, Part Two
2020-04-13 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
JSON
Related for DEBIAN_DSA-4180.NASL
osv5exploitpack2nessus8ibm1zdt2ubuntucve1openvas18cve1debian3packetstorm2github1nuclei1cisa_kev1alpinelinux1fedora14seebug1prion1attackerkb1archlinux1debiancve1f51drupal1checkpoint_advisories1dsquare1threatpost1exploitdb1thn2impervablog1veracode1malwarebytes1ubuntu1fireeye1kitploit1