Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:PHP:PACER-CMS-FILE-DELETE1 |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Pacer Edition CMS rm Parameter Arbitrary File Deletion1 |
Release Date |
2015/09/30 |
Update Number |
2541 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Pacer Edition CMS rm Parameter Arbitrary File Deletion1
This signature detects attempts to exploit a known vulnerability in Pacer Edition CMS. An unprivileged attacker can use a directory traversal attack against a vulnerable server to verify file existence, access file contents, and delete files, or launching further attacks.
References
- BugTraq: 58570
- URL: https://bugzilla.mozilla.org/show_bug.cgi?id=813906
- URL: http://binvul.com/viewthread.php?tid=311
- URL: https://rh0dev.github.io/blog/2015/fun-with-info-leaks/
- URL: http://www.adobe.com/support/security/bulletins/apsb13-15.html
- URL: http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
- URL: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
- URL: http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
- URL: http://blogs.technet.com/b/mmpc/archive/2014/02/17/a-journey-to-cve-2014-0497-exploit.aspx