Hackers attack websites by exploiting a new vulnerability in Drupal

Some versions of the content management system contain a critical vulnerability that leaves them exposed to remote code execution attacks

Network security and ethical hacking specialists from the International Institute of Cyber Security report the presence of a critical vulnerability in Drupal, the popular content management system.

The vulnerability (CVE-2019-6340) exists because “some field types do not properly sanitize data from non-form sources”, according to the Drupal team, which maintains the open source project. “This could lead to arbitrary code execution,” the network security specialists said.

In recent days Drupal released fixes that update the 8.6.x versions to 8.6.10, and Drupal 8.5.x and earlier to 8.5.11. “No core update is required for Drupal 7, but several modules need to be updated.”

According to the Drupal developers, a site running the content management system may be at risk if either of the following conditions is present:

  • Drupal 8 web services: a site is only affected if it has the RESTful Web Services module enabled and allows PATCH or POST requests.
  • Other web services modules: “the site has another enabled web services module, such as JSON:API in Drupal 8, or RESTful Web Services or Services in Drupal 7.”

Drupal says that although version 7 of the Web Services module is not at risk, it is highly recommended to apply all available updates.

Network security specialists mention that the vulnerability can be mitigated by disabling the web services modules, or by configuring the web services so that they do not allow PUT, PATCH or POST requests to web services resources.

The project team also notes that any version of Drupal that is 8.5.x or earlier has reached end of life and will no longer receive support.

Troy Mursch, a cybersecurity specialist, mentioned that hackers have been exploiting this vulnerability to compromise websites on a massive scale. “We have found Drupal-related scans that try to use the CHANGELOG.txt method to locate sites that are vulnerable to the CVE-2019-6340 error.”
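The two practical takeaways above, checking whether a core version is below the fixed releases and spotting the CHANGELOG.txt version probes and write requests to REST resources in web server logs, can be scripted. The following is an added example written for this article, not code from Drupal or from the specialists quoted; it assumes combined-format access logs and that REST entity resources are exposed under /node/, and the log lines are constructed samples.

```python
import re

# Fixed core releases named in the article: 8.x branch -> first patched release.
FIXED = {"8.6": (8, 6, 10), "8.5": (8, 5, 11)}

def parse_version(version):
    return tuple(int(p) for p in version.strip().split("."))

def needs_update(version):
    """True when a Drupal 8 core version is below the fixed release of its branch.
    Branches older than 8.5 are end-of-life, so they get no fix and stay exposed.
    Drupal 7 needs module updates rather than a core update, so it returns False."""
    parts = parse_version(version)
    if parts[0] != 8:
        return False
    branch = f"{parts[0]}.{parts[1]}"
    if branch in FIXED:
        return parts < FIXED[branch]
    return parts[1] < 5

# Combined-format access log line; only the fields the triage needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def triage(lines):
    """Flag CHANGELOG.txt probes (the version scanning Mursch describes) and
    PUT/PATCH/POST requests to REST entity resources (assumed to live under /node/)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        method, path = m["method"], m["path"].split("?")[0]
        if path.endswith("/CHANGELOG.txt"):
            findings.append((m["ip"], "version probe", path))
        elif method in ("PUT", "PATCH", "POST") and path.startswith("/node/"):
            findings.append((m["ip"], f"{method} to REST resource", path))
    return findings

# Constructed sample lines (not from a real server) in combined log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Feb/2019:10:01:02 +0000] "GET /core/CHANGELOG.txt HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/Feb/2019:10:01:05 +0000] "PATCH /node/1?_format=json HTTP/1.1" 403 0',
    '198.51.100.7 - - [20/Feb/2019:10:02:00 +0000] "GET /node/1 HTTP/1.1" 200 8900',
]

if __name__ == "__main__":
    for v in ("8.6.9", "8.6.10", "8.5.11", "8.4.8"):
        print(v, "update required" if needs_update(v) else "patched or not a core issue")
    for ip, what, path in triage(SAMPLE_LOG):
        print(f"{ip}: {what} ({path})")
```

Requests flagged by `triage` are only a starting point for review; a PATCH that the site rejected with a 403, as in the sample, still shows someone probing the REST surface the advisory describes.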

Drupal is one of the most popular content management systems in the world, behind only Joomla and WordPress, which covers 60% of the total market. According to the developers, more than 1 million websites currently use Drupal.

Last year, Drupal announced that around 500 websites had been attacked by groups of unknown hackers exploiting a remote code execution vulnerability in order to mine the cryptocurrency Monero.

Among the victims of that attack were Lenovo, the San Diego Zoo and the office of the Inspector General of the U.S. Equal Employment Opportunity Commission, among other users of the content management system.
