HTTP: MnSCU/PALS WebPALS Remote Execution
This signature detects attempts to exploit the vulnerability in the WebPALS CGI script. Successful exploitation of this vulnerability can allow an attacker to execute arbitrary code with root permissions.
Extended Description
A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.
Affected Products
Mnscu/pals webpals
References
BugTraq: 2372
CVE: CVE-2001-0216
URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html
Short Name
HTTP:CGI:WEBPALS-EXEC
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2001-0216 Execution MnSCU/PALS Remote WebPALS bid:2372
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mnscu/pals
CVSS Score
7.5