Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:GIF-HEADER-EVASION

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 PHP GIF TimThumb WordPress Command Execution William Metcalf

Release Date

 2012/06/05

Update Number

 2146

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: PHP With GIF Header Evasion Command Execution


This signature detects PHP files with GIF image headers. WordPress blogs which use the "TimThumb" graphics manipulation library are vulnerable to PHP command execution when such files are passed to them for processing. This vulnerability is being actively exploited by BotNets as of June 2012.

References

  • URL: http://www.emergingthreatspro.com/bot-of-the-day/under-my-timthumbs-thumb/
  • URL: http://code.google.com/p/timthumb/
  • URL: http://wordpress.org/
  • URL: http://blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out