""ET WEB_SPECIFIC_APPS Drupal RCE (CVE-2018-7602)""

SID: 2025533

Revision: 2

Class Type: attempted-user

Metadata: affected_product Drupal_Server, attack_target Web_Server, created_at 2018_04_26, deployment Datacenter, signature_severity Minor, tag drupalgeddon, updated_at 2018_04_26

Reference:

  • cve

  • 2018-7602

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "POST"

  • Value: "/?q=node"

  • Value: "delete&destination="

  • Value: "#"

  • Value: "form_id=node_delete_confirm"

Within:

PCRE:

Special Options:

  • http_method

  • nocase

  • http_uri

  • http_uri

  • http_uri

  • http_client_body

  • fast_pattern

source