Short Name | HTTP:EXPLOIT:REDMINE-CMD-EXEC |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Redmine SCM Repository Arbitrary Command Execution |
Release Date | 2011/01/18 |
Update Number | 1849 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against Redmine SCM Repository. A successful attack can lead to arbitrary code execution.
Redmine is prone to an information-disclosure vulnerability, an HTML-injection vulnerability, and a command-injection vulnerability. Exploiting these issues could allow an attacker to gain access to potentially sensitive information, inject arbitrary HTML code into the application, steal cookie-based authentication credentials, and execute arbitrary commands in the context of the webserver. Redmine versions prior to 1.0.5 are vulnerable.