HTTP: RedHat 6.2 Piranha passwd.php31
This signature detects attempts to exploit the vulnerable passwd.php3 cgi-bin script in the Piranha virtual server package (RedHat Linux 6.2). Because the script does not validate input properly, attackers can authenticate to the Piranha package with the effective ID of the Web server and execute arbitrary commands.
Extended Description
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
Short Name
HTTP:PHP:REDHAT-PIRANHA-PASSWD1
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
6.2 CVE-2011-1266 Piranha RedHat bid:48173 passwd.php31
Release Date
09/30/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3470
False Positive
Unknown
CVSS Score
9.3