Signature Detail

Short Name	HTTP:PHP:YABBSE-SSI-INCLUDE
Severity	Medium
Recommended	No
Category	HTTP
Keywords	YabbSE SSI.php Remote PHP Code Inclusion
Release Date	2003/06/04
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: YabbSE SSI.php Remote PHP Code Inclusion

This signature detects attempts to exploit a known vulnerability in YabbSE, a PHP/MySQL port of the forum software YaBB (another bulletin board). YabbSE versions 1.5.2 and earlier are vulnerable. Attackers can include PHP code in a maliciously crafted URL request; when YabbSE receives the request it runs the PHP code, enabling the attacker to execute arbitrary commands on the server.

Extended Description

Remote attackers could exploit this vulnerability to execute arbitrary code.

References

CVE: CVE-2003-0275
URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1547.html
URL: http://nvd.nist.gov/nvd.cfm?cvename=CAN-2003-0275

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: YabbSE SSI.php Remote PHP Code Inclusion

Extended Description

References