HTTP: Unwise Characters in URL Variable (1)

This signature detects "unwise" characters in a URL, as defined by RFC 2396, "Uniform Resource Identifiers (URI): Generic Syntax". These characters may indicate SQL injection or other malicious activity. They can also result from improper or poor web application design. If you see a large number of hits on this signature for confirmed benign web applications, you may need to exempt those applications until they can be corrected. Such a hit is not a false positive, as the web application is failing to adhere to RFC standards.
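To triage hits from benign applications, the following added example (not the signature's own logic, which this page does not publish) reports which URL variables carry raw characters from the RFC 2396 section 2.4.3 "unwise" set. The function names and the sample request lines are constructed for illustration; percent-encoded forms such as `%5B` are treated as compliant because RFC 2396 requires these characters to be escaped.

```python
# Added example: approximates the check described above; not vendor code.
# RFC 2396 section 2.4.3 "unwise" set: { } | \ ^ [ ] `
UNWISE = frozenset('{}|\\^[]`')


def unwise_in_variables(request_target):
    """Map each query variable name to the raw unwise characters it carries."""
    # Take the query component only: after '?', before any '#'.
    query = request_target.partition('?')[2].partition('#')[0]
    hits = {}
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        # Inspect the bytes as sent; do not percent-decode first,
        # since an escaped character is RFC-compliant.
        found = sorted(UNWISE.intersection(name + value))
        if found:
            hits[name] = found
    return hits


def scan_request_lines(lines):
    """Return (line_number, hits) for each request line with a finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 2:  # not a "METHOD target VERSION" line
            continue
        hits = unwise_in_variables(parts[1])
        if hits:
            findings.append((number, hits))
    return findings


# Constructed sample request lines (not taken from real traffic).
SAMPLE_REQUESTS = [
    "GET /index.php?id=42&sort=name HTTP/1.1",
    "GET /list.php?filter[status]=open&page=2 HTTP/1.1",
    "GET /report?range={2018-01-01|2018-01-19} HTTP/1.1",
    "GET /list.php?filter%5Bstatus%5D=open&page=2 HTTP/1.1",
]

if __name__ == "__main__":
    for number, hits in scan_request_lines(SAMPLE_REQUESTS):
        print(f"line {number}: {hits}")
```

The second sample line is the typical benign case: bracketed array-style parameter names sent without escaping, which the application should emit as `%5B` and `%5D` instead.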

Extended Description

PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.

Affected Products

Katalog.hurricane katalog_stron_hurricane

Short Name
HTTP:AUDIT:UNWISE-CHAR-1
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(1) CVE-2010-0678 CVE-2010-0795 CVE-2014-8586 CVE-2017-12500 Characters URL Unwise Variable in
Release Date
01/19/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely
Vendors

Katalog.hurricane

CVSS Score

7.5

9.0

6.8
