GEN:SID | 1:1080 |
Message | WEB-MISC unify eWave ServletExec upload |
Summary | This event is generated when an attempt is made to access the Unify eWave ServletExec uploader servlet, which may lead to a web server compromise.
|
Impact | Serious. Execution of arbitrary code is possible.
|
Detailed Information | Unify eWave ServletExec is a webserver-based JSP and Java Servlet environment available for many popular web servers (e.g., Apache, Netscape web server, and IIS). Versions of ServletExec before 3.0E contain a vulnerability in UploadServlet that could allow an attacker to upload arbitrary files, including executables used to compromise the web server.
|
Affected Systems | Unify eWave ServletExec versions before 3.0E.
|
Attack Scenarios | Attacker sends a simple HTTP GET or POST like the following: GET http://target/servlet/com.unify.ewave.servletexec.UploadServlet HTTP/1.0
The attacker could upload any arbitrary file onto the web server, including executable code that can then be used to compromise the web server.
|
Ease of Attack | Relatively simple handcrafted HTTP GET or POST.
|
Corrective Action | Examine the packet to see if a web request was being done. Try to determine if the request was by a legitimate web admin or not. Determine from the web server's configuration whether it was a threat or not (e.g., whether the web server even runs ServletExec, and if so whether it was running a vulnerable version).
|
Additional References | Bugtraq: BID 1868 Bugtraq: BID 1876 CVE: CVE-2000-1024 CVE: CVE-2000-1025
|
Rule References | bugtraq: 1868
bugtraq: 1876
cve: 2000-1024
cve: 2000-1025
nessus: 10570
|