CVE-2015-5371
published 2015-07-06CVE-2015-5371: The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
PriorityP180critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
93.16%
99.8th percentile
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated HTTP requests to SolarWinds Storage Manager that contain specially crafted URLs targeting the AuthenticationFilter bypass, followed by file upload activity resulting in script execution. ↗
- →Alert on arbitrary script uploads and subsequent execution originating from the SolarWinds Storage Manager web interface (AuthenticationFilter class), particularly on versions 5.1.0 and 5.7.1. ↗
- →The AuthenticationFilter class in SolarWinds Storage Manager is the specific attack surface; monitor for unexpected class-level bypass patterns in web server logs associated with this component. ↗
- ·The exact crafted URL patterns used to bypass the AuthenticationFilter are described as 'unspecified vectors' in the NVD advisory, limiting precise URL-based signature creation. ↗
- ·The exploit is cross-platform (Windows 32/64-bit and Linux 64-bit), so detection rules should not be scoped to a single OS environment. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2015-07-06
Published