HTTP: SQL xp_cmdshell Command Shell Request

This signature detects any xp_cmdshell requests over HTTP. It could also be a false positive. To reduce False Positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.

Extended Description

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected Products

Ivanti endpoint_manager

References

CVE: CVE-2024-29824

URL: http://msdn2.microsoft.com/en-us/library/Aa260689(SQL.80).aspx http://technet.microsoft.com/en-us/library/ms190693.aspx http://www.databasejournal.com/features/mssql/article.php/3372131

Short Name

HTTP:SQL:INJ:XPCMDSHELL

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: SQL xp_cmdshell Command Shell Request

Extended Description

Affected Products

References

Found a potential security threat?