1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
Rule:
--
Sid:
--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in the PHP web application Gallery running on a server.
--
Impact:
Possible execution of arbitrary code.
--
Detailed Information:
This event is generated when an attempt is made to include script when
accessing the file index.php for the PHP application Gallery. This
application fails to properly check the source of an included file in
the script index.php. As a result an attacker is presented with the
opportunity to execute code of their choosing with the privileges of the
user running the web server.
--
Affected Systems:
All systems running the PHP application Calerndar.
--
Attack Scenarios:
An attacker can include code of their choosing by supplying a URI to
their script as a parameter to the HTTP GET request.
--
Ease of Attack:
Simple. No exploit required.
--
False Positives:
None known.
--
False Negatives:
None known.
--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
--
Additional References:
--
|
