File: 2137.txt

Rule:

--
Sid:
2137

--
Summary:
This event is generated when an attempt is made to access the administration page for the Philboard ASP application. 

--
Impact:
Possible administrator access.

--
Detailed Information:
This event indicates that an attempt has been made to access the administration page for the Philboard Active Server Page (ASP) application.

This rule generates an event if the attacker makes a request for the administration page from a source external to the protected network.


--
Affected Systems:
Any host using Philboard.

--
Attack Scenarios:
An attacker can gain administrator access to the application by making a simple web request if a specific cookie value is set to "True".

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
This event may be generated by an administrator accessing the administration page from an external source.

The event will also be generated if Nessus is used to scan the host for this vulnerability.
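
The check described under Detailed Information, together with the two false-positive sources listed above, can be reproduced over web server access logs when triaging this event. The following is an added example, not part of the original rule documentation or of Snort; the network range, the admin page path placeholder, the allowlisted addresses and the log lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed assumptions, none of them taken from the rule documentation:
HOME_NET = [ipaddress.ip_network("192.168.10.0/24")]       # protected network
ADMIN_PAGE = "/forum/ADMIN_PAGE_PLACEHOLDER.asp"           # set to the real admin page
KNOWN_ADMINS = {ipaddress.ip_address("203.0.113.7")}       # admins working remotely
KNOWN_SCANNERS = {ipaddress.ip_address("198.51.100.20")}   # authorised Nessus host

# Common Log Format: client ident user [time] "METHOD uri PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample access log.
SAMPLE_LOG = """\
192.168.10.5 - - [12/Mar/2005:10:01:02 +0000] "GET /forum/ADMIN_PAGE_PLACEHOLDER.asp HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2005:10:03:15 +0000] "GET /forum/ADMIN_PAGE_PLACEHOLDER.asp HTTP/1.1" 200 5120
198.51.100.20 - - [12/Mar/2005:10:05:00 +0000] "GET /forum/ADMIN_PAGE_PLACEHOLDER.asp HTTP/1.1" 200 5120
198.51.100.99 - - [12/Mar/2005:10:07:41 +0000] "GET /FORUM/ADMIN_PAGE_PLACEHOLDER.ASP?x=1 HTTP/1.0" 200 5120
198.51.100.99 - - [12/Mar/2005:10:07:45 +0000] "GET /forum/default.asp HTTP/1.0" 200 901
"""

def triage(log_text):
    """Return (client, status, verdict) for each external admin-page request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, uri, status = m.groups()
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:          # hostname logged instead of an address
            continue
        external = not any(addr in net for net in HOME_NET)
        # ASP hosts on Windows resolve paths case-insensitively; drop the query string.
        if uri.split("?", 1)[0].lower() != ADMIN_PAGE.lower() or not external:
            continue
        if addr in KNOWN_SCANNERS:
            verdict = "expected-scanner"
        elif addr in KNOWN_ADMINS:
            verdict = "expected-admin"
        else:
            verdict = "investigate"
        findings.append((client, int(status), verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Requests from inside the protected network are skipped, matching the rule's external-source condition; only the "investigate" entries need follow-up.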

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Deny access to this page from sources external to the protected network.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--