HTTP: ManageEngine Multiple Products File Attachment Directory Traversal
This signature detects directory traversal attack attempts on ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. A successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.
Extended Description
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Affected Products
Manageengine servicedesk_plus
References
CVE: CVE-2014-5301
URL: http://www.manageengine.com/products/service-desk/readme-9.0.html
Short Name
HTTP:DIR:MANAGEENGINE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Attachment CVE-2014-5301 Directory File ManageEngine Multiple Products Traversal
Release Date
01/28/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Manageengine
CVSS Score
9.0