SHELLCODE: Metasploit php/base64 Encoder Routine Over HTTP-CTS

This signature detects payloads transferred over the network that have been encoded with the php/base64 encoder routine. This may indicate an attempt to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

Affected Products

Wordpress wordpress

Short Name: SHELLCODE:PHP:BASE64-80C
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: SHELLCODE
Keywords: CVE-2016-10045 CVE-2017-18357 CVE-2017-7411 Encoder HTTP-CTS Metasploit Over Routine php/base64
Release Date: 07/21/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Joomla

Wordpress

Phpmailer_project

CVSS Score

7.5

6.5

4.0
