Short Name |
HTTP:MISC:WEB-BBS-CE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WebScripts WebBBS Remote Command Execution |
Release Date |
2013/04/24 |
Update Number |
2257 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against WebScripts WebBBS. A successful attack can lead to arbitrary command execution.
WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local, interactive access to the host with the privileges of the webserver process as a result of successful exploitation.