HTTP: LibreOffice WEBSERVICE Information Disclosure

This signature detects attempts to exploit a known vulnerability in the LibreOffice. Successful exploitation could result in disclosure of information by reading arbitrary files.

Extended Description

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Affected Products

Libreoffice libreoffice

References

CVE: CVE-2018-6871

Short Name
HTTP:STC:DL:LIBREOFFICE-ID
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-6871 Disclosure Information LibreOffice WEBSERVICE
Release Date
06/04/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3718
False Positive
Unknown
Vendors

Libreoffice

Debian

Redhat

Canonical

CVSS Score

5.0

Found a potential security threat?