WAS and Newly Discovered Drupal Vulnerability

Document created by Dave Ferguson (Employee) on Mar 29, 2018. Last modified by Dave Ferguson (Employee) on Mar 29, 2018.

Hello all -


A new advisory about a remote code execution vulnerability in the Drupal CMS was just published. This is a very dangerous vulnerability, for which MITRE has assigned CVE-2018-7600.


The following versions are vulnerable:

  • Drupal 7.x prior to 7.58
  • All versions of Drupal 8.2.x
  • Drupal 8.3.x prior to 8.3.9
  • Drupal 8.4.x prior to 8.4.6
  • Drupal 8.5.x prior to 8.5.1


If you're already using Qualys WAS to scan all of your websites on a regular basis, you can quickly find out whether any of them is running a vulnerable version of Drupal.  You don't even need to run additional scans.


Simply open WAS and go to Detections.  In the search field, enter "150183" (this is the WAS QID reported when Drupal CMS is detected).  If WAS has identified any web apps running Drupal, you will see QID 150183 listed in the detections.  Open each detection and look at the "Results" section to see the version of Drupal running on that site.  If necessary, start the patching process!
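Once you have the version strings from the QID 150183 "Results" sections, the comparison against the affected ranges above is easy to get wrong by hand (7.x is a two-part version, 8.x is three-part, and 8.2.x is affected on every release). The following triage helper is an added example, not part of this post or of Qualys WAS; the result lines and URLs it uses are constructed samples, and any Drupal 8 branch not named in the advisory list (for instance 8.1.x) is reported as "unknown" rather than guessed at.

```python
import re
from typing import Optional, Tuple

# Affected ranges for CVE-2018-7600 as listed in the advisory, keyed by the
# Drupal 8 minor branch. None means every release on that branch is affected.
FIXED_IN_8 = {2: None, 3: (8, 3, 9), 4: (8, 4, 6), 5: (8, 5, 1)}
FIXED_IN_7 = (7, 58)

# First dotted version in a results line, e.g. "Drupal 8.4.5 detected".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

Version = Tuple[int, ...]


def parse_version(text: str) -> Optional[Version]:
    """Extract the Drupal version from a WAS 'Results' line as a tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_vulnerable(version: Version) -> Optional[bool]:
    """True if affected, False if at or above the fixed release, None if the
    branch is not covered by the advisory list and needs a manual check."""
    if version[0] == 7:
        return version < FIXED_IN_7
    if version[0] == 8 and len(version) >= 2 and version[1] in FIXED_IN_8:
        fixed = FIXED_IN_8[version[1]]
        return True if fixed is None else version < fixed
    return None


# Constructed sample: (web app URL, text from the QID 150183 Results section).
SAMPLE_RESULTS = [
    ("https://intranet.example.com", "Drupal 7.54 detected"),
    ("https://shop.example.com", "Drupal 8.5.1 detected"),
    ("https://blog.example.com", "Drupal 8.2.7 detected"),
    ("https://www.example.com", "Drupal 8.4.6 detected"),
    ("https://legacy.example.com", "Drupal 8.1.10 detected"),
]


def triage(results) -> dict:
    """Map each detected web app to 'vulnerable', 'fixed' or 'unknown'."""
    labels = {True: "vulnerable", False: "fixed", None: "unknown"}
    out = {}
    for url, text in results:
        version = parse_version(text)
        out[url] = labels[is_vulnerable(version) if version else None]
    return out


if __name__ == "__main__":
    for url, status in triage(SAMPLE_RESULTS).items():
        print(f"{status:10s} {url}")
```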


Keep in mind that you can also leverage WAS when new vulnerabilities are announced for WordPress and Joomla.  QID 150177 reports WordPress CMS version and QID 150182 reports Joomla CMS version.  Just follow the same process described above.


