Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1457 |
| Message | WEB-CGI user_update_admin.pl access |
| Summary | This event is generated when an attempt is made to exploit an authentication vulnerability in a web server or an application running on that server. |
| Impact | Information gathering and system integrity compromise. Possible unauthorized administrative access to the server or application. |
| Detailed Information | This event is generated when an attempt is made to exploit a known vulnerability in Blackboard CourseInfo running on a web server. Any valid user is able to modify the contents of the database by supplying form values of their choosing to the perl scripts running the application. |
| Affected Systems | Blackboard CourseInfo 4.0 for UNIX and Windws NT |
| Attack Scenarios | An attacker can access the authentication mechanism and supply his/her own credentials to gain access. Alternatively the attacker can exploit weaknesses to gain access as the administrator. |
| Ease of Attack | Simple. No exploit software required. |
| Corrective Action | Upgrade the application to the latest non-affected version of the software. |
| Additional References | |
| Rule References | bugtraq: 1486 cve: 2000-0627 |
--
DID:559129
--
http://www.aanval.com/