APP: Hewlett Packard OpenView Command Injection

This signature detects attempts to exploit a command injection vulnerability. It is due to insufficient validation of user-supplied input. A successful attack can lead to execute arbitrary commands in the context of the application.

Extended Description

Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.

Affected Products

Microsoft internet_explorer

References

BugTraq: 12160

CVE: CVE-2004-1376

Short Name
APP:HPOV:CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-1376 Command Hewlett Injection OpenView Packard bid:12160
Release Date
02/10/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3404
Port
TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors

Microsoft

CVSS Score

5.0

Found a potential security threat?