Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:POSTNUKE-CMD-EXEC

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 postnuke php http directory traversal

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: PostNuke Theme Parameter Directory Traversal and Command Execution


This signature detects directory traversal attempts against the index.php script included with PostNuke. PostNuke versions 0.723 and earlier are vulnerable. Attackers can send a maliciously crafted request to index.php to traverse the directory structure and execute arbitrary commands.

Extended Description

A vulnerability has been discovered in PostNuke Phoenix 0.723 and earlier. The problem occurs in the theme handling engine and may be triggered through the use of directory traversal sequences.

Affected Products

  • PostNuke PostNuke Phoenix 0.722.0
  • PostNuke PostNuke Phoenix 0.723.0

References

  • BugTraq: 7048
  • URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html
  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln200.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out