HTTP: ArdeaCore ardeaInit pathForArdeaCore parameter Remote File Inclusion
This signature detects attempts to exploit a known remote file inclusion vulnerability in ardeaCore. It is due to insufficient validation of user-supplied input to ardeaInit.php script. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.
Extended Description
ardeaCore is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. ardeaCore 2.2 is affected; other versions may be vulnerable as well.
Affected Products
Maulana_al_matien ardeacore
Short Name
HTTP:PHP:ARDEACORE-RFI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ArdeaCore CVE-2010-4998 File Inclusion Remote ardeaInit bid:40811 parameter pathForArdeaCore
Release Date
11/10/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Maulana_al_matien
CVSS Score
7.5