|Check Point Reference:||CPAI-2012-1319|
|Date Published:||13 Jan 2013|
|Protection Provided by:||
|Who is Vulnerable?||Dell SonicWALL Scrutinizer before 9.5.2|
|Vulnerability Description||An SQL injection vulnerability has been reported in Dell SonicWALL Scrutinizer.|
|Vulnerability Details||The vulnerability is due to insufficient filtering of certain parameters used in SQL queries. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server. Successful exploitation could lead to unauthorized information disclosure.|
This protection will detect and block specially crafted requests.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
- In the IPS tab, click Protections and find the Dell SonicWALL Scrutinizer SQL Injection protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
SmartView Tracker will log the following entries:
Attack Name: Application Servers Protection Violation
Attack Information: Dell SonicWALL Scrutinizer SQL Injection