UI: Remove Drupal exploiter references
This commit is contained in:
Shreya Malviya
parent
7eddee251e
commit
ffbf0f440e
|
|
@ -24,7 +24,6 @@ import {struts2IssueOverview, struts2IssueReport} from './security/issues/Struts
|
||||||
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
|
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
|
||||||
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
|
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
|
||||||
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
|
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
|
||||||
import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIssue';
|
|
||||||
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
||||||
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
|
||||||
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
|
||||||
|
|
@ -98,11 +97,6 @@ class ReportPageComponent extends AuthComponent {
|
||||||
[this.issueContentTypes.REPORT]: mssqlIssueReport,
|
[this.issueContentTypes.REPORT]: mssqlIssueReport,
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||||
},
|
},
|
||||||
'DrupalExploiter': {
|
|
||||||
[this.issueContentTypes.OVERVIEW]: drupalIssueOverview,
|
|
||||||
[this.issueContentTypes.REPORT]: drupalIssueReport,
|
|
||||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
|
||||||
},
|
|
||||||
'WmiExploiter': {
|
'WmiExploiter': {
|
||||||
[this.issueContentTypes.REPORT]: {
|
[this.issueContentTypes.REPORT]: {
|
||||||
[this.credentialTypes.PASSWORD]: wmiPasswordIssueReport,
|
[this.credentialTypes.PASSWORD]: wmiPasswordIssueReport,
|
||||||
|
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
||||||
import React from 'react';
|
|
||||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
|
||||||
|
|
||||||
export function drupalIssueOverview() {
|
|
||||||
return (<li>Drupal server/s are vulnerable to <a
|
|
||||||
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">CVE-2019-6340</a>.</li>)
|
|
||||||
}
|
|
||||||
|
|
||||||
export function drupalIssueReport(issue) {
|
|
||||||
return (
|
|
||||||
<>
|
|
||||||
Upgrade Drupal server to versions 8.5.11, 8.6.10, or later.
|
|
||||||
<CollapsibleWellComponent>
|
|
||||||
Drupal server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
|
||||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
|
|
||||||
className="badge badge-danger">remote command execution</span> attack.
|
|
||||||
<br/>
|
|
||||||
The attack was made possible because the server is using an old version of Drupal, for which REST API is
|
|
||||||
enabled. For possible workarounds, fixes and more info read
|
|
||||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">here</a>.
|
|
||||||
</CollapsibleWellComponent>
|
|
||||||
</>
|
|
||||||
);
|
|
||||||
}
|
|
||||||
Loading…
Reference in New Issue