SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP file upload directory traversal
This event is generated when network traffic that indicates a file has been uploaded to a location inside the protected network via http using a vulnerbility in PHP. Impact: Unknown. Details: This event indicates that a file has been uploaded to a location inside the protected network via http. This may indicate that an attacker is trying to upload code that could be executed or used in conjunction with another attack. In particular, this event indicates that a vulnerbility in PHP is being leveraged as the attack vector. User supplied data in the Content-Dispostion parameter of a file upload is not properly checked or sanitized. As a result an attacker can craft an http POST request to an affected server and upload files of their choosing to the server. Ease of Attack: Simple.
No information provided
No public information
No known false positives
Cisco Talos Judy Novak Nigel Houghton
No rule groups
None
No information provided
None