ET WEB_SPECIFIC_APPS Possible WP CuckooTap Arbitrary File Download

Notice: Monitoring services will be discontinued from March 31st, 2019.

This signature detects HTTP requests that attempt to exploit a remote file inclusion vulnerability in the WordPress links.all.php script. WordPress allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.

A vulnerability has been reported for WordPress. The problem is reported to be caused by insufficient sanitization of user-supplied URI parameters.

Specifically, the '$abspath' variable, which is used as an argument to the PHP require() function, is not sufficiently sanitized of malicious input. As a result, an attacker may be able to include a malicious 'blog.header.php' from a web server under their control. This may result in the execution of PHP commands located within that script. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary PHP commands on a target server with the privileges of WordPress.

PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
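Added example, not part of the original article or of the signature itself: a Python check that flags access-log lines matching what this page describes, a request for wp-links/links.all.php whose abspath value is a URL. The log format, the sample lines, the host example.invalid and the function names are assumptions made for illustration; only query strings visible in access logs are inspected.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path and parameter name are taken from the advisory text.
TARGET_SCRIPT = "wp-links/links.all.php"
TARGET_PARAM = "abspath"  # PHP variable names are case-sensitive
# A value that begins with a URL scheme points require() at another host.
REMOTE_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding so the value is matched in decoded form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_abspath_rfi_attempt(log_line):
    """True when the line requests links.all.php with a URL in abspath."""
    match = REQUEST.search(log_line)
    if not match:
        return False
    parts = urlsplit(match.group("uri"))
    if not fully_unquote(parts.path).lower().endswith("/" + TARGET_SCRIPT):
        return False
    return any(
        name == TARGET_PARAM and REMOTE_VALUE.match(fully_unquote(value))
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    )

# Constructed sample lines (documentation addresses and a placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /wp-links/links.all.php?abspath=http://example.invalid/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2019:10:00:05 +0000] "GET /blog/wp-links/links.all.php?abspath=%2568ttp%253A%252F%252Fexample.invalid%252F HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2019:10:00:09 +0000] "GET /wp-links/links.all.php?abspath=/var/www/wordpress/ HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2019:10:00:12 +0000] "GET /index.php?abspath=http://example.invalid/ HTTP/1.1" 404 128',
]

def flagged(lines):
    return [line for line in lines if is_abspath_rfi_attempt(line)]

if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print(hit)
```

The third sample line carries a local path in abspath and the fourth targets a different script, so neither is flagged.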

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

CVSS Scores & Vulnerability Types

CVSS Score: 7.5

Confidentiality Impact: Partial (There is considerable informational disclosure.)

Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)

Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)

Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)

Authentication: Not required (Authentication is not required to exploit the vulnerability.)

Gained Access: None

Vulnerability Type(s): Execute Code, File Inclusion

CWE ID: 94

Products Affected By CVE-2003-1599

- WordPress 0.70

Solution

- Update WordPress to the latest version.
