HTTP: Layton Technologies Helpbox editrequestuser.asp Possible Authorization Bypass
This signature detects attempts to access a vulnerable Layton Helpbox script. Due to a critical bug in the application, such attempts could allow an attacker to bypass mandatory authorization checks and gain access to sensitive user data.
Extended Description
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
Affected Products
Layton_technology helpbox
Short Name
HTTP:LAYTON-HELPBOX-AUTH-BYPASS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authorization Bypass CVE-2012-4975 Helpbox Layton Possible Technologies bid:56298 editrequestuser.asp
Release Date
01/18/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Layton_technology
CVSS Score
4.0