HTTP: Magento Web Application Parameter Remote Code Execution

This signature detects an attempt to exploit a known vulnerability in the Magento Web Application through a crafted parameter. Successful exploitation could allow an attacker to execute code remotely in the context of the running application.

Extended Description

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Affected Products

Magento magento

Short Name
HTTP:CGI:MAGENTO-RCE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Application CVE-2015-3457 Code Execution Magento Parameter Remote Web bid:74420
Release Date
01/21/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3809
False Positive
Rarely
Vendors

Magento

CVSS Score

5.0
