Signature Detail
Short Name |
HTTP:CGI:SMARTSEARCH-EXEC |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: SmartSearch.cgi Keywords Input Validation Error
This signature detects attempts to exploit an input validation vulnerability in the keywords parameter in SmartSearch CGI. Attackers can submit a malicious request containing the pipe (|) character to smartsearch.cgi to execute arbitrary commands.
Extended Description
Successful exploitation of the vulnerability could allow an attacker to run arbitrary commands or code with the privileges of the web server.