Signature Detail
Short Name |
HTTP:CGI:IKONBOARD-BADCOOKIE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Ikonboard cgi format string |
Release Date |
2003/06/18 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Ikonboard Illegal Cookie Language
This signature detects attempts to exploit a known vulnerability in IkonBoard, a popular Web-based discussion board. Attackers can send a maliciously crafted cookie that contains illegal characters to IkonBoard to execute arbitrary code with IkonBoard priveleges (typically user level).
Extended Description
It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data. An attacker may exploit this issue to execute arbitrary commands in the security context of the web server hosting the vulnerable IkonBoard.
Affected Products
- Ikonboard.com ikonboard 3.1.1
- Ikonboard.com ikonboard 3.1.2 a
References
- BugTraq: 7361
- URL: http://securityfocus.com/bid/7361