Short Name |
HTTP:MISC:LIFESIZE-ROOM-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
LifeSize Room Command Injection |
Release Date |
2011/09/19 |
Update Number |
1995 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against LifeSize Room. It is due to insufficient validation of user supplied input in gateway.php script. A successful attack can lead to arbitrary code execution.
LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass authentication or execute arbitrary commands in the context of the application. LifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable.