1 min read

Mitigation Instructions for CVE-2018-7600

Mitigation Instructions for CVE-2018-7600

SUBJECT: Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 

TECH STACK: DRUPAL 7.X AND 8.X VERSIONS

DATE(S) ISSUED: MARCH 28, 2018

Criticality: Critical

OVERVIEW:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. 

THREAT INTELLIGENCE:
This vulnerability is being actively exploited in the wild. 

SOLUTION:

Upgrade to the most recent version of Drupal 7 or 8 core.

  • If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
  • If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)

Drupal 8.3.x and 8.4.x are no longer supported and we don't normally provide security releases for unsupported minor releases. However, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0.

Your site's update report page will recommend the 8.5.x release even if you are on 8.3.x or 8.4.x. Please take the time to update to a supported version after installing this security update.

This issue also affects Drupal 8.2.x and earlier, which are no longer supported. If you are running any of these versions of Drupal 8, update to a more recent release and then follow the instructions above.

This issue also affects Drupal 6. Drupal 6 is End of Life. For more information on Drupal 6 support please contact a D6LTS vendor.

REFERENCES:
Drupal.org:

https://www.drupal.org/sa-core-2018-002

Mitigation Instructions for Adobe ColdFusion CVE-2023-29300

Mitigation Instructions for Adobe ColdFusion CVE-2023-29300

SUBJECT: CVE-2023-29300: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability - Detailed Mitigation Guide

Read More
Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

Mitigation Instructions for Microsoft Exchange Server CVE-2024-21410

SUBJECT: Critical Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Read More
Mitigation Instructions for Cisco ASA and FTD CVE-2020-3259

Mitigation Instructions for Cisco ASA and FTD CVE-2020-3259

SUBJECT: Mitigate Cisco ASA and FTD Information Disclosure Vulnerability (CVE-2020-3259)

Read More