File: 2141.txt

snort 2.9.2.2-3
Rule:

--
Sid: 2141


--
Summary:
This event is generated when an attempt is made to exploit a weakness in the PHP application shoutbox.

--
Impact:
Information gathering, possible execution of arbitrary code and remote access to the host.

--
Detailed Information:
This event indicates that an attempt has been made to exploit a weakness in the PHP application shoutbox. Specifically, the rule generates an event when directory traversal is attempted.

The attacker may be trying to gain information about the PHP implementation on the host. This may be the prelude to an attack against that host using that information.

--
Affected Systems:
Any host using PHP.

--
Attack Scenarios:
An attacker can retrieve a sensitive file containing information on the host. The attacker might then gain administrator access to the host or execute arbitrary code.

--
Ease of Attack:
Simple.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Check the PHP implementation on the host. Ensure all measures have been taken to deny access to sensitive files.

Apply the appropriate vendor-supplied patches.

Upgrade to the latest non-affected version of the software.

Check the host for signs of compromise.
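
One way to start the host check above, as an added example that is not part of the original Snort documentation: a Python triage pass over web server access logs that flags directory traversal requests to the shoutbox script, including percent-encoded and double-encoded forms. The combined log format, the parameter names and the sample entries are assumptions constructed for illustration; only the script name comes from this page.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches a combined-format access log entry: client, request target, status.
ENTRY_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    normalised = decode_fully(target).replace("\\", "/")
    return ".." in re.split(r"[/?&=]", normalised)

def find_traversal_attempts(lines, script="shoutbox"):
    """Return (client, target, status) for traversal requests to the script."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        path = decode_fully(urlsplit(target).path).lower()
        if script in path and has_traversal(target):
            hits.append((client, target, status))
    return hits

# Constructed sample entries: documentation addresses, invented parameters.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shoutbox.php?page=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /shoutbox.php?file=../../private/settings HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shoutbox.php?file=%2e%2e%2f%2e%2e%2fprivate%2fsettings HTTP/1.1" 404 209',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /Shoutbox.php?file=%252e%252e%252fprivate HTTP/1.1" 200 977',
    '192.0.2.33 - - [01/Jan/2024:10:02:00 +0000] "GET /shoutbox.php?msg=wait... HTTP/1.1" 200 640',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?f=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, target, status in find_traversal_attempts(SAMPLE_LOG):
        # A 2xx status means the server answered the request: check that host first.
        print(client, status, target)
```

Requests that returned a 2xx status are the ones to follow up first, since the server answered them rather than rejecting them.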

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:


--