Rule Category

SQL -- Snort has detected traffic associated with SQL injection or the presence of other vulnerabilities against SQL-like servers.

Alert Message

SQL generic sql insert injection attempt - GET parameter

Rule Explanation

This event indicates that an attempt has been made to inject SQL code from a remote machine via the "insert" command.

Impact:

CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploitability score: 10.0
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL

Details:

A SQL injection attack involves the alteration of SQL statements that are used within a web application through the use of attacker-supplied data. Insufficient input validation and improper construction of SQL statements in web applications can expose them to SQL injection attacks. Although the effects of a successful SQL injection attack vary based on the targeted application and how that application processes user-supplied data, SQL injection can generally be used to perform the following types of attacks:

- Authentication Bypass
- Information Disclosure
- Compromised Data Integrity
- Compromised Availability of Data
- Remote Command Execution

Recommendation:

Upgrade to the latest version of software and apply the appropriate vendor-supplied patches. Ensure your anti-malware software has up-to-date signatures. The internal host should be checked for potential compromise.

A SQL injection attack can be detected and potentially blocked at two locations in an application traffic flow: in the application and in the network.

Defenses in the Application - There are several ways in which an application can defend against SQL injection attacks. The primary approaches include validation of user-supplied data, in the form of whitelisting or blacklisting, and the construction of SQL statements such that user-supplied data cannot influence the logic of the statement.

Defenses in the Network - Although each application should ideally provide its own input validation, this situation is not always possible. In certain situations, applications cannot be updated to handle user-supplied data in a secure manner. In these circumstances, administrators and developers can add security to an existing application by leveraging technologies in the network, specifically intrusion prevention systems.

Ease of Attack:

What To Look For

No information provided
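
When triaging an alert from this rule, web server access logs can be checked for the same kind of request. The following is an added example, not part of the Snort rule or the Talos documentation: it decodes GET parameters from access-log lines and flags values containing an INSERT statement. The regular expression is an assumed heuristic rather than the rule's actual signature, and the log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic, not the Snort rule's signature: INSERT [modifier] INTO
# <table> followed by a column list, VALUES or SELECT in one parameter value.
INSERT_RE = re.compile(
    r"\binsert\s+(?:\w+\s+)?into\s+[\w.]+\s*(?:\(|values\b|select\b)",
    re.IGNORECASE,
)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(name, decoded_value)] for GET parameters that match INSERT_RE."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    # parse_qsl percent-decodes values and turns '+' into a space, so
    # encoded keywords are matched in their decoded form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        normalized = re.sub(r"\s+", " ", value)
        if INSERT_RE.search(normalized):
            hits.append((name, normalized))
    return hits


# Constructed sample access-log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /item?id=1%3BINSERT+INTO+users+VALUES%28%27a%27%2C%27b%27%29 HTTP/1.1" 500 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=how+to+insert+a+row+into+a+table HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "POST /item?id=1;insert+into+t+values(1) HTTP/1.1" 200 10',
]


def scan(lines):
    """Map each flagged line index to the parameters that triggered it."""
    return {i: hits for i, line in enumerate(lines) if (hits := suspicious_params(line))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

The third sample line shows why the pattern requires a table name followed by a column list, VALUES or SELECT: ordinary search text that merely contains the words "insert" and "into" is not flagged.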

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology. For more information see [nvd].

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2012-2998