Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CGI:MAGENTO-RCE
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Magento Web Application Parameter Remote Code Execution
Release Date	2016/01/21
Update Number	2624
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Magento Web Application Parameter Remote Code Execution

This signature detects an attempt to a known vulnerability in Magento Web Application through a crafted parameter. Successful exploitation could allow an attacker to cause remote code execution into the context of running application.

Extended Description

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Affected Products

Magento magento 1.14.1.0
Magento magento 1.9.1.0

References

CVE: CVE-2015-3457
URL: http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Magento Web Application Parameter Remote Code Execution

Extended Description

Affected Products

References