Web-Attacks Category Description

Category: WEB-ATTACKS

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent attacks targeted at servers through standard internet ports. This category contains three main groups of attacks.

The first group consists of web application attacks that attempt to input commands directly into the application, hoping that the application fails to verify the source of the input. On very badly written applications, this type of attack can allow attackers to change file permissions on a server, steal passwords, or execute arbitrary scripts. While dangerous, the chance of such an attack succeeding is low. Signatures in this group range from low- to high-priority.

The second type of attack involves usage of the PUT and DELETE requests that are part of the HTTP standard. These commands allow users to add or delete files on a server, and can be a security threat if the server is configured to handle these requests and has no way to verify their source. Most servers, however, are configured by default to ignore these requests, so these signatures are set only to detect such traffic. If a server is not meant to allow users to upload or edit content but administrators notice a large number of PUT or DELETE HTTP requests, they can consider enabling the signatures for prevention because there is a good chance that attackers are attempting to vandalise their server.

The final type of attack allows attackers to bypass authentication routines for certain web applications. For example, the Axis Network Camera has an authentication routine for users who wish to remotely access the camera. Attackers can gain access to the camera by slightly modifying the URL request that they enter into their browser, bypassing the security system. These attacks are classified as medium priority threats.

NetIQ Sentinel Server Authentication Bypass
Cisco Prime Infrastructure/EPNM Remote Code Execution 1
HTTP Request with Malformed Content-Type Header 3
Oracle GlassFish Server Directory Traversal
Apache Struts XSLTResult Remote Code Execution
Apache Struts Dynamic Method Invocation Remote Code Execution 1
Apache Struts Dynamic Method Invocation Remote Code Execution 2
Apache Struts REST Plugin Remote Code Execution
Oracle Application Testing Suite Authentication Bypass 2
Oracle Application Testing Suite Directory Traversal 4
Oracle Application Testing Suite Directory Traversal 3
Oracle Application Testing Suite Authentication Bypass 1
Oracle Application Testing Suite Directory Traversal 2
Oracle Application Testing Suite Directory Traversal 1
Joomla! User-Agent Header Remote Code Execution
ManageEngine Desktop Central Arbitrary File Creation 1
Trend Micro OfficeScan Encrypted Password Buffer Overflow 2
Proxy-Pro Professional GateKeeper Buffer Overflow
Trend Micro OfficeScan Encrypted Password Buffer Overflow 3
Apache Struts 2 Jakarta Remote Code Execution (S2-045) 1
Apache Struts 2 Jakarta Remote Code Execution (S2-045) 2
Apache Struts 2 Jakarta Remote Code Execution (S2-045) 3
GNU Bash Remote Code Execution (CVE-2014-6271) 3
SonicWall Email Security CVE-2021-20022 Vulnerability
Symantec Secure Web Gateway Remote Code execution
McAfee Enterprise Security Manager Authentication Bypass
GNU Bash Remote Code Execution (CVE-2014-6271) 1