ICT Security-Sécurité PC et Internet

Drupal-Seiten werden angegriffen
Schon wieder eine sehr kritische Drupal-Lücke: CVE-2018-7602 ermöglicht einem Angreifer die Übernahme von Drupal-Seiten. Erste Angriffe werden bereits nach wenigen Stunden registriert.

Angreifer haben nur wenige Stunden nach Bekanntwerden einer erneuten kritischen Sicherheitslücke im Content-Management-System (CMS) Drupal begonnen, den Bug für Attacken auszunutzen. Sie nutzen dabei Code eines Proof-of-Concepts, der online verfügbar ist.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Drupal

A dangerous Drupal flaw could leave your site completely compromised if you don't patch the flaw immediately.

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions.

Admins are being urged to immediately update to Drupal 7.58 or Drupal 8.5.1. Drupal issued an alert for the patch last week warning admins to allocate time for patching because exploits might arrive "within hours or days" of its security release. So far, there haven't been any attacks using the flaw, according to Drupal.

The bug, which is being called Drupalgeddon2, has been assigned the official identifier CVE-2018-7600.

Drupal has given it a 'highly critical' rating with a risk score of 21 out of 25 under the NIST Common Misuse Scoring System.

Although there are no security releases for the unsupported Drupal 8.3.x and 8.4.x, Drupal has released patches for quick remediation.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Drupal