HTTP: Windows Command Root.exe Probe
This signature detects the Windows command "root.exe" within a URL. This command does not normally appear in a URL, and can indicate an attempt to compromise the system.
Extended Description
Attackers could probe for vulnerable web servers, and if successful, could be able to execute arbitrary commands on the target in the context of the web server or administrator.
References
CVE: CVE-1999-0509
Short Name
HTTP:WIN-CMD:ROOT.EXE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-1996-11 CVE-1999-0509 Command Probe Root.exe Windows
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
10.0