Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP file upload directory traversal

Rule Explanation

This event is generated when network traffic that indicates a file has been uploaded to a location inside the protected network via http using a vulnerbility in PHP. Impact: Unknown. Details: This event indicates that a file has been uploaded to a location inside the protected network via http. This may indicate that an attacker is trying to upload code that could be executed or used in conjunction with another attack. In particular, this event indicates that a vulnerbility in PHP is being leveraged as the attack vector. User supplied data in the Content-Dispostion parameter of a file upload is not properly checked or sanitized. As a result an attacker can craft an http POST request to an affected server and upload files of their choosing to the server. Ease of Attack: Simple.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Judy Novak Nigel Houghton

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None