HTTP: WinACE RAR and TAR Directory Traversal
This signature detects attempts to exploit a known vulnerability in WinACE. It is due to insufficient input validation. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with the privileges of the Administrator user.
Extended Description
Reportedly, an attacker can carry out directory-traversal attacks. These issues present themselves when the application processes malformed archives. A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploitation may aid in further attacks.
Affected Products
Winace winace
Short Name
HTTP:DIR:WINACE-DIR-TRVRS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-0981 CVE-2022-30333 Directory RAR TAR Traversal WinACE and bid:16800
Release Date
06/30/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3699
False Positive
Unknown
Vendors
Winace
CVSS Score
4.0