Debian DSA-4180-1 : drupal7 - security update (Drupalgeddon 2)

Nessus Plugin ID 109349 (Critical)


The remote Debian host is missing a security-related update.


A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at


Upgrade the drupal7 packages.

For the oldstable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u12.

For the stable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u4.

See Also

Plugin Details

Severity: Critical

ID: 109349

File Name: debian_DSA-4180.nasl

Version: 1.17

Type: local

Agent: unix

Published: 4/26/2018

Updated: 4/26/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2018-7602


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:drupal7, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/25/2018

Vulnerability Publication Date: 7/19/2018

CISA Known Exploited Dates: 5/4/2022

Exploitable With

Elliot (Drupal 7 SA-CORE-2018-004 RCE)

Reference Information

CVE: CVE-2018-7602

DSA: 4180