CVE-2020-2011
Published 2020-05-13
Priority P343 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.85% (76.4th percentile)
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.14 | 8.1.14 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.7 | 9.0.7 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.0 | 9.1.0 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.14 | 8.1.14 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.1.0 | 9.1.0 |
CVSS provenance
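| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |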
Palo Alto
PAN-OS: Panorama registration denial of service
vendor_paloalto·2020-05-13·CVSS 7.5
CVE-2020-2011 [HIGH] CWE-20 PAN-OS: Panorama registration denial of service
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0 and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only
GHSA
GHSA-hvgf-279c-6rmq: An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user
ghsa_unreviewed·2022-05-24
CVE-2020-2011 [HIGH] GHSA-hvgf-279c-6rmq: An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user
Suricata
ET MALWARE Backdoor.Win32.Sykipot Get Config Request
suricata·2011-12-09
CVE-2011-2462 ET MALWARE Backdoor.Win32.Sykipot Get Config Request
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.Sykipot Get Config Request"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/kys_allow_get.asp?"; content:"name=getkys.kys"; reference:cve,2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; classtype:trojan-activity; sid:2014008; rev:6; metadata:created_at 2011_12_09, cve CVE_2011_2462, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_21;)
Suricata
ET WEB_SPECIFIC_APPS Apache Tomcat Sort Parameter Cross Site Scripting Attempt
suricata·2011-06-24
CVE-2010-4172 ET WEB_SPECIFIC_APPS Apache Tomcat Sort Parameter Cross Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache Tomcat Sort Parameter Cross Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/sessions?path="; nocase; content:"sort="; nocase; pcre:"/sort\x3D.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/i"; reference:bid,45015; reference:cve,2010-4172; classtype:web-application-attack; sid:2013117; rev:5; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2011_06_24, cve CVE_2010_4172, deployment Datacenter, signature_severity Major, tag XSS, tag Cross_Site_Scripting, updated_at 2020_08
Suricata
ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ssh2|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013006; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=phar|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013005; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ogg|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013008; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=rar|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013007; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=expect|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013009; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=data|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013003; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible https Local File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible https Local File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible https Local File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=https|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2012998; rev:5; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2011_06_10, cve CVE_2002_0953, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signature_severity Major, tag Local_File_Inclusion, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_i
Suricata
ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=glob|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013004; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ftps|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013000; rev:5; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2011_06_10, cve CVE_2002_0953, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signature_severity Major, tag Local_File_Inclusion, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id T
Suricata
ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=ftp|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2012999; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=php|3a|//"; reference:cve,2002-0953; reference:cve,2024-4577; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013001; rev:5; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=zlib|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013014; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt
suricata·2011-06-10
CVE-2002-0953 ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt"; flow:established,to_server; http.uri; content:".php?"; content:"=file|3a|//"; reference:cve,2002-0953; reference:url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/; classtype:web-application-attack; sid:2013002; rev:6; metadata:created_at 2011_06_10, cve CVE_2002_0953, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
suricata·2011-06-09
CVE-2010-3272 ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; fast_pattern; http.request_body; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:4; metadata:created_at 2011_06_09, cve CVE_2010_3272, confidence Medium, signature_severity Major, updated_at 2020_1
Suricata
ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt
suricata·2011-06-09
CVE-2010-3274 ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt"; flow:established,to_server; http.uri; content:"/EmployeeSearch"; nocase; fast_pattern; content:"actionId="; nocase; content:"searchString="; nocase; pcre:"/^.+(?:script|alert|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/Ri"; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3274; classtype:web-application-attack; sid:2012980; rev:3; metadata:created_at 2011_06_09, cve CVE_2010_3274, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt
suricata·2011-06-09
CVE-2010-4111 ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt"; flow:established,to_server; http.uri; content:"/hpdiags/frontend2/help/search.php?query="; nocase; pcre:"/^.+(?:script|alert|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/Ri"; reference:bid,45420; reference:cve,2010-4111; classtype:web-application-attack; sid:2012976; rev:3; metadata:created_at 2011_06_09, cve CVE_2010_4111, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0962 ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine?tag=Portal_introductionhomepage"; nocase; pcre:"/^.+(alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0962; classtype:web-application-attack; sid:2012824; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0962, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/advancedfind.do?extn="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012819; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/logicalTopo.do?clusterName="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012823; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/iptm/eventmon?cmd="; nocase; content:"&dojo.preventCache="; nocase; pcre:"/cmd\x3D(?:filterHelper|getDeviceData\x26group\x3D).+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/i"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012821; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0959 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"deviceCapability=deviceCap"; nocase; content:"/iptm/ddv.do?deviceInstanceName="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0959; classtype:web-application-attack; sid:2012820; rev:3; metadata:created_at 2011_05_18, cve CVE_2011_0959, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
suricata·2011-05-18
CVE-2011-0961 ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt"; flow:established,to_server; http.uri; content:"/cwhp/device.center.do?device="; nocase; pcre:"/^.+(?:alert|script|onmouse|onkey|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ri"; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0961; classtype:web-application-attack; sid:2012825; rev:4; metadata:created_at 2011_05_18, cve CVE_2011_0961, signature_severity Major, updated_at 2020_04_20;)
Suricata
ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt
suricata·2011-05-18
CVE-2011-0960 ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt"; flow:established,to_server; http.uri; content:"/iptm/PRTestCreation.do?RequestSource=dashboard&MACs=&CCMs=|27|waitfor"; nocase; content:"delay|27|"; nocase; reference:url,www.exploit-db.com/exploits/17304/; reference:cve,2011-0960; classtype:web-application-attack; sid:2012818; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2011_05_18, cve CVE_2011_0960, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_04_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1
Suricata
ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt
suricata·2011-03-01
CVE-2010-4367 ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt"; flow:established,to_server; http.uri; content:"awstats.cgi"; nocase; content:"config="; nocase; content:"pluginmode=rawlog"; nocase; content:"configdir=|5C 5C|"; nocase; fast_pattern; reference:bid,45123; reference:cve,2010-4367; classtype:web-application-attack; sid:2012393; rev:4; metadata:created_at 2011_03_01, cve CVE_2010_4367, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_13;)
No public exploits indexed.
HackerOne
SMTP interaction theft via MITM
hackerone·2020-11-04·CVSS 6.8
CVE-2011-0411 [MEDIUM] SMTP interaction theft via MITM
See http://www.postfix.org/CVE-2011-0411.html for a detailed description.
## Impact
MitM could obtain user credentials.
@duesee found it was possible for an active MITM to inject a plaintext collaborator ID and use that to steal collaborator SMTP interactions. We patched this in the following release: https://portswigger.net/burp/releases/professional-community-2020-9-2
This issue is closely related to CVE-2011-0411, and due to our non-standard SMTP implementation, some vulnerability scanners incorrectly flag the patched server as being vulnerable.
Bugzilla
CVE-2020-29373 kernel: Insecure handling of root directory for path lookups via io_uring
bugzilla·2020-09-04·CVSS 6.5
CVE-2020-29373 [MEDIUM] CVE-2020-29373 kernel: Insecure handling of root directory for path lookups via io_uring
A flaw was found in the Linux kernel. Insecure handling of the root directory for path lookups in io_uring may allow a process inside a mount namespace to gain access to the filesystem outside of it.
References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2011
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1887423]
---
This was fixed for Fedora with 5.4.24 stable kernel updates.
---
*** Bug 1903291 has been marked as a duplicate of this bug. ***