HTTP: WebGate WESPSDK WESPDiscovery unsafe ActiveX control

This signature detects attempts to use unsafe ActiveX controls in WebGate WESPSDK. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control.

Affected Products

Webgate control_center

References

CVE: CVE-2015-2100

Short Name
HTTP:STC:ACTIVEX:WEBGATE-WESP
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2015-2100 WESPDiscovery WESPSDK WebGate control unsafe
Release Date
03/16/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3797
False Positive
Unknown
Vendors

Webgate

CVSS Score

6.8

Found a potential security threat?