Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562310117053HistoryNov 20, 2020 - 12:00 a.m.
Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Windows
2020-11-2000:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
1
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
Drupal is prone to a remote code execution (RCE) vulnerability.
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:drupal:drupal";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.117053");
script_version("2024-02-19T05:05:57+0000");
script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
script_tag(name:"creation_date", value:"2020-11-20 07:40:39 +0000 (Fri, 20 Nov 2020)");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-12-15 04:15:00 +0000 (Tue, 15 Dec 2020)");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2020-13671");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Windows");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_drupal_http_detect.nasl", "os_detection.nasl");
script_mandatory_keys("drupal/detected", "Host/runs_windows");
script_tag(name:"summary", value:"Drupal is prone to a remote code execution (RCE) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Drupal core does not properly sanitize certain filenames on uploaded
files, which can lead to files being interpreted as the incorrect extension and served as the wrong
MIME type or executed as PHP for certain hosting configurations.");
script_tag(name:"affected", value:"Drupal 7.x, 8.8.x and prior, 8.9.x and 9.0.x.");
script_tag(name:"solution", value:"Update to version 7.74, 8.8.11, 8.9.9, 9.0.8 or later.
Additionally, it's recommended that you audit all previously uploaded files to check for malicious extensions.
Look specifically for files that include more than one extension, like filename.php.txt or filename.html.gif,
without an underscore (_) in the extension. Pay specific attention to the following file extensions, which
should be considered dangerous even when followed by one or more additional extensions:
- phar
- php
- pl
- py
- cgi
- asp
- js
- html
- htm
- phtml
This list is not exhaustive, so evaluate security concerns for other unmunged extensions on a case-by-case basis.");
script_xref(name:"URL", value:"https://www.drupal.org/sa-core-2020-012");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "^[0-9]\.[0-9]+"))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "7.74")) {
report = report_fixed_ver(installed_version: version, fixed_version: "7.74", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range(version: version, test_version: "8.0", test_version2: "8.8.10")) {
report = report_fixed_ver(installed_version: version, fixed_version: "8.8.11", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range(version: version, test_version: "8.9", test_version2: "8.9.8")) {
report = report_fixed_ver(installed_version: version, fixed_version: "8.9.9", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range(version: version, test_version: "9.0", test_version2: "9.0.7")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.0.8", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Related
veracode
veracode
Remote Code Execution (RCE)
2020-11-20 13:22:25
Remote Code Execution (RCE)
2020-11-20 09:24:06
drupal
drupal
Drupal core - Critical - Remote code execution - SA-CORE-2020-012
2020-11-18 00:00:00
openvas
openvas
Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Linux
2020-11-20 00:00:00
Debian: Security Advisory (DLA-2458-1)
2020-11-20 00:00:00
Fedora: Security Advisory for drupal7 (FEDORA-2020-7d8f772540)
2020-11-27 00:00:00
ubuntucve
ubuntucve
CVE-2020-13671
2020-11-20 00:00:00
github
github
Drupal core Unrestricted Upload of File with Dangerous Type
2021-10-12 16:28:25
nessus
nessus
Drupal 7.x < 7.74 / 8.x < 8.8.11 / 8.9.x < 8.9.9 / 9.0.x < 9.0.8 RCE (SA-CORE-2020-012)
2020-11-20 00:00:00
Debian DLA-2458-1 : drupal7 security update
2020-11-20 00:00:00
Fedora 33 : drupal8 (2020-6f1079934c)
2020-12-15 00:00:00
ibm
ibm
prion
prion
Code injection
2020-11-20 16:15:00
debiancve
debiancve
CVE-2020-13671
2020-11-20 16:15:00
attackerkb
attackerkb
CVE-2020-13671
2020-11-20 00:00:00
osv
osv
CVE-2020-13671
2020-11-20 16:15:15
Drupal core Unrestricted Upload of File with Dangerous Type
2021-10-12 16:28:25
BIT-drupal-2020-13671
2024-03-06 10:57:20
cisa_kev
cisa_kev
Drupal core Un-restricted Upload of File
2022-01-18 00:00:00
alpinelinux
alpinelinux
CVE-2020-13671
2020-11-20 16:15:00
redhatcve
redhatcve
CVE-2020-13671
2022-05-20 23:37:25
cve
cve
CVE-2020-13671
2020-11-20 16:15:00
debian
debian
[SECURITY] [DLA 2458-1] drupal7 security update
2020-11-19 11:47:17
fedora
fedora
[SECURITY] Fedora 33 Update: drupal7-7.74-1.fc33
2020-11-27 01:24:16
[SECURITY] Fedora 32 Update: drupal7-7.74-1.fc32
2020-11-27 01:12:43
[SECURITY] Fedora 32 Update: drupal8-8.9.11-1.fc32
2020-12-15 01:41:04
cisa
cisa
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2022-01-18 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
Related for OPENVAS:1361412562310117053