Update Drupal ASAP: Over a Million Sites Can Be Easily Hacked by Any Visitor
Update Drupal ASAP: Over a Million Sites Can Be Easily Hacked by Any Visitor
Published on March 29, 2018 at 02:40PM
Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site. From a report: The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions. Admins are being urged to immediately update to Drupal 7.58 or Drupal 8.5.1. Drupal issued an alert for the patch last week warning admins to allocate time for patching because exploits might arrive "within hours or days" of its security release. So far, there haven't been any attacks using the flaw, according to Drupal. The bug, which is being called Drupalgeddon2, has been assigned the official identifier CVE-2018-7600. Drupal has given it a 'highly critical' rating with a risk score of 21 out of 25 under the NIST Common Misuse Scoring System. Further reading: Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites (BleepingComputer). Commenting on security advisory that Drupal issued last week, BleepingComputer's Catalin Cimpanu said, "In the 9 years I've been around Drupal, I've never seen them publish such an apocalyptic security advisory."
Hope you like this please comment your view and share to your friends thanks for visiting bye guys meet you in next post
Published on March 29, 2018 at 02:40PM
Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site. From a report: The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions. Admins are being urged to immediately update to Drupal 7.58 or Drupal 8.5.1. Drupal issued an alert for the patch last week warning admins to allocate time for patching because exploits might arrive "within hours or days" of its security release. So far, there haven't been any attacks using the flaw, according to Drupal. The bug, which is being called Drupalgeddon2, has been assigned the official identifier CVE-2018-7600. Drupal has given it a 'highly critical' rating with a risk score of 21 out of 25 under the NIST Common Misuse Scoring System. Further reading: Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites (BleepingComputer). Commenting on security advisory that Drupal issued last week, BleepingComputer's Catalin Cimpanu said, "In the 9 years I've been around Drupal, I've never seen them publish such an apocalyptic security advisory."
Read more of this story at Slashdot.
Hope you like this please comment your view and share to your friends thanks for visiting bye guys meet you in next post
Update Drupal ASAP: Over a Million Sites Can Be Easily Hacked by Any Visitor
![Update Drupal ASAP: Over a Million Sites Can Be Easily Hacked by Any Visitor]()
Reviewed by Kartik
on
March 29, 2018
Rating:
No comments: