ET WEB_SERVER possible SAP Crystal Report Server 2008 path parameter Directory Traversal vulnerability

SID: 2015035Rev: 40 views
History
Sourceet/open
CreatedJuly 7, 2012
UpdatedNovember 26, 2024
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER possible SAP Crystal Report Server 2008 path parameter Directory Traversal vulnerability"; flow:established,to_server; content:"|2e 2e 2f|"; nocase; depth:200; http.uri; content:"/PerformanceManagement/jsp/qa.jsp?"; nocase; content:"func="; nocase; content:"root="; nocase; content:"path="; nocase; reference:url,1337day.com/exploits/15332; classtype:web-application-attack; sid:2015035; rev:4; metadata:created_at 2012_07_07, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)

References

url1337day.com/exploits/15332

Metadata

created at2012_07_07
deploymentInternal
confidenceHigh
signature severityMajor
updated at2024_11_26
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1083
mitre technique nameFile_And_Directory_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!