HTTP: Exhibitor Web UI Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Exhibitor Web UI. A successful attack can lead to arbitrary code execution.

Extended Description

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

Affected Products

Exhibitor_project exhibitor

References

CVE: CVE-2019-5029

Short Name
HTTP:CTS:EXHIBITOR-WEB-UI-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-5029 Code Execution Exhibitor Remote UI Web
Release Date
01/17/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3457
False Positive
Unknown
Vendors

Exhibitor_project

CVSS Score

10.0

Found a potential security threat?