Short Name |
HTTP:LAYTON-HELPBOX-AUTH-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Layton Technologies Helpbox editrequestuser.asp Possible Authorization Bypass |
Release Date |
2013/01/18 |
Update Number |
2226 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to access a vulnerable Layton Helpbox script. Due to a critical bug in the application, such attempts could allow an attacker to bypass mandatory authorization checks and gain access to sensitive user data.
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.