Short Name |
HTTP:PHP:REDHAT-PIRANHA-PASSWD1 |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
RedHat 6.2 Piranha passwd.php31 |
Release Date |
2015/09/30 |
Update Number |
2541 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit the vulnerable passwd.php3 cgi-bin script in the Piranha virtual server package (RedHat Linux 6.2). Because the script does not validate input properly, attackers can authenticate to the Piranha package with the effective ID of the Web server and execute arbitrary commands.
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."