Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to carry out Drupal remote code execution vulnerability early warning. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

0x00 vulnerability background

On Feb. 21, Beijing time, 360CERT monitored a major security update released by Drupal, which fixed a remote code execution vulnerability numbered CVE-2019-6340. After research and judgment, the vulnerability is caused by the lack of strict verification of the data passed into the RESTful Web service. Successful exploitation could lead to remote code execution on the target host. RESTful service is not enabled by default, which greatly reduces the risk of vulnerabilities. For security reasons, it is recommended that users who use Drupal upgrade the version in time.

0x01 vulnerability details

The vulnerability is caused by Drupal's failure to strictly validate RESTful Web data. If the site opens the RESTful Web service and accepts PATCH, POST requests, or other web service modules in the site, there will be deserialization problems, resulting in code execution.

Vulnerability exploitation requires multiple preconditions, which greatly weakens the actual impact of the vulnerability.

Impact of 0x02 vulnerabilities

The vulnerability affects some components in Drupal 8.6.x, Drupal 8.5.x, and Drupal 7. The detailed version information is as follows:

Drupal 8.6.9 and below

Drupal 8.6.10 and below

Influence component

RESTful Web Services

JSON:API

Link

Metatag

Video

Paragraphs

Translation Management Tool

Font Awesome lcons

0x03 security recommendations

For this vulnerability, you can disable all Web service modules or disable the processing of PUT / PATCH / POST requests for mitigation.

Because it affects the core components, it is strongly recommended that the majority of users upgrade the version and update the address as needed:

Https://www.drupal.org/project/drupal/releases/8.6.10

Https://www.drupal.org/project/drupal/releases/8.6.10

Https://www.drupal.org/security/contrib

The above is the editor for you to share how to carry out Drupal remote code execution vulnerability early warning, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.