HTTP: DupScout Enterprise Import Command Buffer Overflow

This signature detects attempts to exploit a known vulnerability against DupScout Enterprise. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Extended Description

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.

Affected Products

Flexense diskboss

References

BugTraq: 97237

CVE: CVE-2017-7310

Short Name
HTTP:STC:DL:DUPSCOUT-XML-OF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2017-7310 Command DupScout Enterprise Import Overflow bid:97237
Release Date
06/21/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Flexense

CVSS Score

6.8

Found a potential security threat?