HTTP: Pacer Edition CMS rm Parameter Arbitrary File Deletion
This signature detects attempts to exploit a known vulnerability in Pacer Edition CMS. An unprivileged attacker can use a directory traversal attack against a vulnerable server to verify file existence, access file contents, and delete files, or launching further attacks.
Extended Description
The Pacer Edition CMSis prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the webserver. Attackers can exploit this issue with directory-traversal strings ('../') to delete arbitrary files; this may aid in launching further attacks. The Pacer Edition CMS RC 2.1 is vulnerable; prior versions may also be affected.
Affected Products
The_pacer_edition_cms the_pacer_edition_cms
Short Name
HTTP:PHP:PACER-CMS-FILE-DELETE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CMS Deletion Edition File Pacer Parameter bid:48213 rm
Release Date
06/20/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
The_pacer_edition_cms