Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook, William Vu and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post.

Background on the Drupalgeddon vulnerability

The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28 ) as SA-CORE-2018-002. The advisory was released with a patch and CVE (CVE-2018-7600) at the same time.

Rapid7 Labs has been monitoring active exploitation attempts through Project Heisenberg since the release and began seeing a serious uptick in probes for Drupal nodes in mid-April:

Drupalgeddon Vulnerability: What is it? Are You Impacted?

Drupalgeddon Vulnerability: What is it? Are You Impacted?

The vast majority of these connections were attempting to use the…



Source link