Short Name |
HTTP:AUDIT:REMOTE-URL-IN-VAR |
---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Remote URL In HTTP Variable |
Release Date |
2011/04/06 |
Update Number |
1897 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects a remote URL submitted in a HTTP variable. This can be normal web-submission activity, but it can also indicate a possible remote-code injection attack. Non-malicious use is common.
Insert User for phpBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. This issue affects Insert User 0.1.2 and prior versions.