Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:MISC:SYMANTEC-COMMAND-EXEC
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Symantec Encryption Management Server Local Command Injection
Release Date	2015/03/02
Update Number	2471
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Symantec Encryption Management Server Local Command Injection

This signature detects attempts to exploit a known vulnerability against Symantec Encryption Management. A successful exploit can lead to remote command execution.

Extended Description

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

Affected Products

Symantec encryption_management_server 3.3.2
Symantec pgp_universal_server 3.3.2

References

BugTraq: 72308
CVE: CVE-2014-7288

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Symantec Encryption Management Server Local Command Injection

Extended Description

Affected Products

References