Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:PHP-NEWS-FILE-INC

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 PHP News File Inclusion

Release Date

 2005/08/16

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: PHP News File Inclusion


This signature detects an attemps to include remote file in a PHP News server. Succesfull exploitation of this vulnerability could lead to arbitrary code execution within the context of the Web Server.

Extended Description

It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue reportedly affects PHPNews version 1.2.4, previous versions might also be affected.

Affected Products

  • PHPNews 1.2.3
  • PHPNews 1.2.4

References

  • BugTraq: 12696
  • CVE: CVE-2005-0632
  • URL: http://securitytracker.com/id?1013345
  • URL: http://www.securityfocus.com/bid/12696

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out