Short Name |
HTTP:DIR:MANAGEENGINE |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ManageEngine Multiple Products File Attachment Directory Traversal |
Release Date |
2015/01/28 |
Update Number |
2462 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects directory traversal attack attempts on ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. A successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.