| Short Name | HTTP:APACHE:KYLIN-REST-CMD-INJ |
|---|---|
| Severity | Critical |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Apache Kylin REST API Command Injection |
| Release Date | 2020/07/07 |
| Update Number | 3296 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in the Apache Kylin REST API. A successful attack can lead to command injection and arbitrary code execution.

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs that concatenate OS commands with the user input string; a user is likely to be able to execute any OS command without any protection or validation.