HTTP: RaXnet Cacti Graph_Image.PHP Remote Command Execution
This signature detects attempts to exploit a known vulnerability in the RaXnet Cacti Graph_Image.PHP. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in remote command execution.
Extended Description
Cacti is prone to a remote command execution vulnerability. User-supplied input to the 'graph_image.php' script is not properly sanitized and allows attackers to execute arbitrary commands in the context of the server. This can facilitate various attacks including unauthorized access to an affected computer. Cacti 0.8.6d and prior versions are reportedly affected.
Affected Products
Raxnet cacti
References
BugTraq: 14042
Short Name
HTTP:PHP:RAXNET-CACTI-RCE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Cacti Command Execution Graph_Image.PHP RaXnet Remote bid:14042
Release Date
10/31/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Raxnet