Signature Detail

Short Name	HTTP:MISC:ALCATEL-OMNIPCX-CE
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
Release Date	2011/12/15
Update Number	2048
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

This signature detects attempts to exploit a known vulnerability against Alcatel-Lucent OmniPCX Enterprise. A successful attack can lead to arbitrary command execution.

Extended Description

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible. Alcatel-Lucent OmniPCX Enterprise R7.1 and prior versions are vulnerable to this issue.

Affected Products

Alcatel-Lucent OmniPCX Enterpise 7
Alcatel-Lucent OmniPCX Enterprise 6.0
Alcatel-Lucent OmniPCX Enterprise 6.1
Alcatel-Lucent OmniPCX Enterprise 6.2
Alcatel-Lucent OmniPCX Enterprise 7.0
Alcatel-Lucent OmniPCX Enterprise 7.1
Alcatel-Lucent OmniPCX Enterprise

References

BugTraq: 25694
CVE: CVE-2007-3010

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

Extended Description

Affected Products

References