HTTP: BadBlue MFC ISAPI Command Overflow
This signature detects attempts to exploit a known vulnerability against the BadBlue HTTP server. Attackers can send a malformed MFC ISAPI command to overflow a buffer and execute arbitrary code. This signature should only be used to examine traffic going to BadBlue HTTP servers.
Extended Description
A remote buffer overflow vulnerability affects Working Resources BadBlue. This issue is due to a failure of the application to securely copy GET request parameters into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected Web server, facilitating a SYSTEM level compromise.
Affected Products
Working_resources_inc. badblue
Short Name
HTTP:BADBLUE:MFC-ISAPI-CMD-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
BadBlue CVE-2005-0595 CVE-2007-6377 Command ISAPI MFC Overflow bid:12673 bid:26803 bid:7387
Release Date
03/03/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Working_resources_inc.
CVSS Score
7.5