Rule: -- Sid: 1457 -- Summary: This event is generated when an attempt is made to exploit an authentication vulnerability in a web server or an application running on that server. -- Impact: Information gathering and system integrity compromise. Possible unauthorized administrative access to the server or application. -- Detailed Information: This event is generated when an attempt is made to exploit a known vulnerability in Blackboard CourseInfo running on a web server. Any valid user is able to modify the contents of the database by supplying form values of their choosing to the perl scripts running the application. -- Affected Systems: Blackboard CourseInfo 4.0 for UNIX and Windws NT -- Attack Scenarios: An attacker can access the authentication mechanism and supply his/her own credentials to gain access. Alternatively the attacker can exploit weaknesses to gain access as the administrator. -- Ease of Attack: Simple. No exploit software required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Upgrade the application to the latest non-affected version of the software. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --
