SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. Impact: CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:
This rule will alert when an attempt to exploit a known arbitrary file/read write attempt is detected.
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
Local File Inclusion
Local File Inclusion (LFI) attackers attempt to trick the web server into executing a file local to its own file system. The attacker might have saved the file there in another way first, or the target file could be a local executable that should not be accessible to the web server otherwise. A successful LFI can lead to data leaks or remote code execution. Avoid dynamic inclusion of user input files, or whitelist files that may be included.
CVE-2014-0600 |
Loading description
|
Tactic: Impact
Technique: Stored Data Manipulation
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org