Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:AUDIT:UNWISE-CHAR

Severity

 Minor

Recommended

 No

Category

 HTTP

Keywords

 Unwise Characters in URL

Release Date

 2011/10/11

Update Number

 2008

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Unwise Characters in URL


This signature detects "unwise" characters in a URL, as defined by RFC-2396, "Uniform Resource Identifiers (URI): Generic Syntax". These characters may be an indication that SQL injection or other malicious activity may be occurring. It could also be the result of improper or poor web application design. If you are seeing a large number of hits on this signature to confirmed benign web applications, you may need to exempt those web applications until those web applications can be corrected. This is not a false positive, as the web application is failing to adhere to RFC standards.

Extended Description

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.

Affected Products

  • Cp_multi_view_event_calendar_project cp_multi_view_event_calendar 1.0.1

References

  • CVE: CVE-2010-0678
  • CVE: CVE-2010-0795
  • CVE: CVE-2014-8586
  • CVE: CVE-2017-12500
  • URL: http://www.ietf.org/rfc/rfc2396.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out