Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:DOURAN-ARB-FILE-DL

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Douran Portal 'download.aspx' Arbitrary File Download Vulnerability

Release Date

 2011/03/23

Update Number

 1887

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP:Douran Portal 'download.aspx' Arbitrary File Download Vulnerability


This signature detects attempts to exploit a known vulnerability against Douran Portal. Version 3.9.7.8 is vulnerable. A successful attack can allow an attacker to view arbitrary files within the context of the application.

Extended Description

Douran Portal is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. Douran Portal 3.9.7.8 is affected; other versions may also be vulnerable.

Affected Products

  • Douran Portal 3.9.0 23
  • Douran Portal 3.9.5.0.1
  • Douran Portal 3.9.6.0
  • Douran Portal 3.9.7.55
  • Douran Portal 3.9.7.8

References

  • BugTraq: 46927

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out