Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:SQL:INJ:BIZTALK |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Biztalk Server SQL Injection |
Release Date |
2003/05/28 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Biztalk Server SQL Injection
This signature detects attempts to exploit a known vulnerability in Microsoft BizTalk Server 2000 and BizTalk Server 2002. Attackers can send maliciously crafted code to the BizTalk Server to execute arbitrary commands on a Microsoft Windows Server, with system privileges.
Extended Description
A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. This vulnerability may be the result of inadequate sanitization of user-supplied values for some parameters. A remote attacker may exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database.
Affected Products
- Microsoft biztalk_server_2000_developer_edition SP1a
- Microsoft biztalk_server_2000_developer_edition SP2
- Microsoft biztalk_server_2000_developer_edition
- Microsoft biztalk_server_2000_enterprise_edition SP1a
- Microsoft biztalk_server_2000_enterprise_edition SP2
- Microsoft biztalk_server_2000_enterprise_edition
- Microsoft biztalk_server_2000_standard_edition SP1a
- Microsoft biztalk_server_2000_standard_edition SP2
- Microsoft biztalk_server_2000_standard_edition
- Microsoft biztalk_server_2002_developer_edition
- Microsoft biztalk_server_2002_enterprise_edition
References