Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:IIS:CMS:MAL-CMS-REQ

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Malformed Content Management Server Request

Release Date

 2007/04/10

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Malformed Content Management Server Request


This signature detects attempts to exploit a known vulnerability against Microsoft Content Management Server. Versions 2001 SP1 through 2002 SP2 are vulnerable. A successful attack can lead to a denial-of-service (DoS) condition or arbitrary code execution.

Extended Description

Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

Affected Products

  • HP Storage Management Appliance 2.1
  • Microsoft Content Management Server 2001 SP1
  • Microsoft Content Management Server 2001
  • Microsoft Content Management Server 2002 SP1
  • Microsoft Content Management Server 2002 SP2
  • Microsoft Content Management Server 2002

References

  • BugTraq: 22861
  • CVE: CVE-2007-0938
  • CVE: CVE-2007-0939
  • URL: http://www.microsoft.com/technet/security/Bulletin/MS07-018.mspx
  • URL: http://www.kb.cert.org/vuls/id/434137
  • URL: http://www.securitytracker.com/id?1017894

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out