SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Advantech WebAccess gmicons.asp directory traversal attempt
This event is generated when an attempted directory traversal attack is conducted against an internal server running Advantech WebAccess. Impact: Web Application Attack Details: Thevulnerabilityexistswhenthegmicons.asppage,exposedbytheAdvantechWebAccesswebserverlisteningonport80(HTTP), parses a multipart/form-data POST request. In particular, there is a lack of appropriate validation on the filename parameter of the picFile sub-part prior to utilizing it to form the resulting location where the picture file will be uploaded to. By placing NULL bytes within the correct location within the filename parameter, an attacker can bypass the implemented file upload checks to upload arbitrary files to the Advantech WebAccess webserver. Additionally, due to a lack of authorization checks and improper protection against directory traversal attacks, it is possible for unauthenticated attackers to exploit this vulnerability to upload files to any location on the Advantech WebAccess server that the web service has access to. Ease of Attack: Simple, no public proofs of concept yet.
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2017-16736 |
Loading description
|