Signature Detail
Short Name |
HTTP:BADBLUE:MFC-ISAPI-CMD-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
BadBlue MFC ISAPI Command Overflow |
Release Date |
2005/03/02 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: BadBlue MFC ISAPI Command Overflow
This signature detects attempts to exploit a known vulnerability against the BadBlue HTTP server. Attackers can send a malformed MFC ISAPI command to overflow a buffer and execute arbitrary code. This signature should only be used to examine traffic going to BadBlue HTTP servers.
Extended Description
A remote buffer overflow vulnerability affects Working Resources BadBlue. This issue is due to a failure of the application to securely copy GET request parameters into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected Web server, facilitating a SYSTEM level compromise.
Affected Products
- Working Resources Inc. BadBlue 2.55.0
References
- BugTraq: 12673
- CVE: CVE-2005-0595
- CVE: CVE-2007-6377