Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:CGI:WEBPALS-EXEC

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 MnSCU/PALS WebPALS Remote Execution

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: MnSCU/PALS WebPALS Remote Execution


This signature detects attempts to exploit the vulnerability in the WebPALS CGI script. Successful exploitation of this vulnerability can allow an attacker to execute arbitrary code with root permissions.

Extended Description

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

Affected Products

  • MnSCU/PALS WebPALS 1.0.0

References

  • BugTraq: 2372
  • CVE: CVE-2001-0216
  • URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out