HTTP:Douran Portal 'download.aspx' Arbitrary File Download Vulnerability
This signature detects attempts to exploit a known vulnerability against Douran Portal. Version 3.9.7.8 is vulnerable. A successful attack can allow an attacker to view arbitrary files within the context of the application.
Extended Description
Douran Portal is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. Douran Portal 3.9.7.8 is affected; other versions may also be vulnerable.
Affected Products
Douran_portal douran_portal
References
BugTraq: 46927
Short Name
HTTP:DOURAN-ARB-FILE-DL
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
'download.aspx' Arbitrary Douran Download File Portal Vulnerability bid:46927
Release Date
03/23/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Douran_portal