Signature Detail
Short Name |
HTTP:MISC:WEB-BBS-CE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WebScripts WebBBS Remote Command Execution |
Release Date |
2013/04/24 |
Update Number |
2257 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: WebScripts WebBBS Remote Command Execution
This signature detects attempts to exploit a known vulnerability against WebScripts WebBBS. A successful attack can lead to arbitrary command execution.
Extended Description
WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local, interactive access to the host with the privileges of the webserver process as a result of successful exploitation.
Affected Products
- WebScripts WebBBS 4.0.0
- WebScripts WebBBS 4.1.0
- WebScripts WebBBS 4.10.0
- WebScripts WebBBS 4.11.0
- WebScripts WebBBS 4.12.0
- WebScripts WebBBS 4.2.0
- WebScripts WebBBS 4.20.0
- WebScripts WebBBS 4.21.0
- WebScripts WebBBS 4.22.0
- WebScripts WebBBS 4.30.0
- WebScripts WebBBS 4.31.0
- WebScripts WebBBS 4.32.0
- WebScripts WebBBS 4.33.0
- WebScripts WebBBS 5.0.0
References
- BugTraq: 5048
- CVE: CVE-2002-1993