NetProwler 3.5.1 Security Update 14

March 1, 2002
NetProwler 3.5.1 Security Update 14

Description

NetProwler 3.5.1 SU14 introduces a signature that detects attempts to exploit vulnerabilities in the PHP file upload feature, versions 4.1.2 and prior. An attacker can gain system-level, remote access or cause a DoS by overflowing a buffer in the file upload feature of the PHP scripting language engine. Click here to read more about this exploit. You may obtain NetProwler 3.5.1 SU14 through the product's auto-update feature.

Security Update 14 Signatures

PHP_POST_File_Upload_Root

Vulnerabilities exist in the file-uploading feature of the PHP scripting language, versions prior to 4.1.2. A malformed file upload request may overflow a buffer, thus granting the malicious user remote access to the server.

http://www.cert.org/advisories/CA-2002-05.html

Last modified on: Tuesday, 11-Jun-02 18:48:43