Juniper Networks

Signature Detail


Short Name: HTTP:SQL:INJ:CMD-IN-URL
Severity: Medium
Recommended: No
Category: HTTP
Keywords: SQL Command in URL
Release Date: 2004/05/26
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: SQL Command in URL


This signature detects a SQL command in a URL. Because SQL commands are not normally used in HTTP connections, this can indicate a SQL injection attack. This can also be a false positive. To reduce false positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's Web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.

Extended Description

Netscape's iPlanet iCal application is a network-based calendar service built for deployment in organizations that require a centralized calendar system. Certain versions of iCal ship with a vulnerability, introduced in the installation process, that allows malicious local users to gain root on the system. During the installation process, a large number of files are left world-readable and world-writable. One such file, /opt/SUNWicsrv/cal/bin/iplncal.sh, is designed to be run at startup as root and is world-writable by default. This allows users to modify the contents of this startup script and have it executed at boot time or whenever the machine is re-initialized.

Affected Products

  • Netscape iCal 2.1.0 Patch2

References

  • BugTraq: 67754
  • BugTraq: 22593
  • BugTraq: 1768
  • BugTraq: 66302
  • CVE: CVE-2015-1605
  • CVE: CVE-2011-4340
  • CVE: CVE-2014-1651
  • CVE: CVE-2000-0402
  • CVE: CVE-2014-2587

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.