Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1080 |
Message | WEB-MISC unify eWave ServletExec upload |
Summary | This event is generated when an attempt is made to access the Unify eWave ServletExec uploader servlet, which may lead to a web server compromise. |
Impact | Serious. Execution of arbitrary code is possible. |
Detailed Information | Unify eWave ServletExec is a webserver-based JSP and Java Servlet environment available for many popular web servers (e.g., Apache, Netscape web server, and IIS). Versions of ServletExec before 3.0E contain a vulnerability in UploadServlet that could allow an attacker to upload arbitrary files, including executables used to compromise the web server. |
Affected Systems | Unify eWave ServletExec versions before 3.0E. |
Attack Scenarios | Attacker sends a simple HTTP GET or POST like the following: GET http://target/servlet/com.unify.ewave.servletexec.UploadServlet HTTP/1.0 The attacker could upload any arbitrary file onto the web server, including executable code that can then be used to compromise the web server. |
Ease of Attack | Relatively simple handcrafted HTTP GET or POST. |
Corrective Action | Examine the packet to see if a web request was being done. Try to determine if the request was by a legitimate web admin or not. Determine from the web server's configuration whether it was a threat or not (e.g., whether the web server even runs ServletExec, and if so whether it was running a vulnerable version). |
Additional References | Bugtraq: BID 1868 Bugtraq: BID 1876 CVE: CVE-2000-1024 CVE: CVE-2000-1025 |
Rule References | bugtraq: 1868 bugtraq: 1876 cve: 2000-1024 cve: 2000-1025 nessus: 10570 |
--
DID:357069
--
http://www.aanval.com/