HTTP POST contains malicious script (HTTP_POST_Script)

About this signature or vulnerability

RealSecure Desktop, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Guard, RealSecure Sentry, RealSecure Server Sensor, BlackICE Agent for Server, RealSecure Network:

This signature detects if an HTTP POST command contains a <script> tag.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

RealSecure Desktop: baseline, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Network MFS: 1.0, RealSecure Desktop Protector 3.6: baseline, Proventia Server IPS for Linux technology: 1.0, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, BlackICE Server Protection: 3.6.cbd, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE PC Protection: 3.6.cbd, RealSecure Guard: 3.6, RealSecure Sentry: 3.6, RealSecure Server Sensor: 7.0, BlackICE Agent for Server: 3.6, RealSecure Desktop Protector: 3.6, RealSecure Network: 7.0

Systems affected

Various vendors Any application, IETF HTTP/1.1

Type

Suspicious Activity

Vulnerability description

A remote attacker may be attempting to execute arbitrary code on the Web server by sending a specially-crafted POST command containing malicious script. The script could be written in Java or some other scripting language.

How to remove this vulnerability

Ensure that your personal firewall, operating system, and programs are up-to-date in order to minimize the threat of a system compromise.

References

ISS X-Force
HTTP POST contains malicious script
http://www.iss.net/security_center/static/8539.php