HTTP: Includer.cgi Remote Command Execution
This signature detects attempts to exploit a known vulnerability in The Includer. Attackers can send a maliciously crafted HTTP request that could cause arbitrary commands to be executed on the affected server, with permissions of the Web service.
Extended Description
The Includer is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. A remote attacker may exploit this vulnerability to execute arbitrary command in the context of the Web server that is hosting the affected software.
Affected Products
Jimmy_<wordx@hotmail.com> the_includer
Short Name
HTTP:CGI:INCLUDER-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-0689 Command Execution Includer.cgi Remote bid:12738
Release Date
11/09/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Jimmy_<wordx@hotmail.com>
CVSS Score
7.5