cbcvebase.
CVE-2015-5371
published 2015-07-06

CVE-2015-5371: The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.

PriorityP180critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
93.16%
99.8th percentile
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.

Detection & IOCsextracted from sources · hover to see the quote

url/SolarWindsStorageManager/servlet/ProcessFileUpload.jsp
  • Monitor for unauthenticated HTTP requests to SolarWinds Storage Manager that contain specially crafted URLs targeting the AuthenticationFilter bypass, followed by file upload activity resulting in script execution.
  • Alert on arbitrary script uploads and subsequent execution originating from the SolarWinds Storage Manager web interface (AuthenticationFilter class), particularly on versions 5.1.0 and 5.7.1.
  • The AuthenticationFilter class in SolarWinds Storage Manager is the specific attack surface; monitor for unexpected class-level bypass patterns in web server logs associated with this component.
  • ·The exact crafted URL patterns used to bypass the AuthenticationFilter are described as 'unspecified vectors' in the NVD advisory, limiting precise URL-based signature creation.
  • ·The exploit is cross-platform (Windows 32/64-bit and Linux 64-bit), so detection rules should not be scoped to a single OS environment.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.