Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SCAN:MISC:HTTP:BIGCONF-ACCESS

Severity

 Info

Recommended

 No

Category

 SCAN

Keywords

 Bigconf.cgi Access

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SCAN: Bigconf.cgi Access


This signature detects access to the bigconf.cgi file. Attackers can view arbitrary files on the Web server.

Extended Description

BigIP is a load balancing system from F5 software. It has a web-based configuration system, which is vulnerable to several standard CGI attacks. According to Guy Cohen <guy@crypto.org.il>, it is possible to view arbitrary files on the BSDI system which it is installed on. To add to this, the configuration program is installed setuid root. This is considered a local vulnerability since htaccess authentication is required to get to the configuration area. No more information on this vulnerability is available.

Affected Products

  • F5 BigIP 2.0.0

References

  • BugTraq: 778
  • CVE: CVE-1999-1550
  • URL: http://www.securityspace.com/smysecure/catid.html?id=10027

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out