Check Point Advisories

Update Protection against VWar Remote File Inclusion Vulnerability

Check Point Reference: CPAI-2006-077
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: FrSIRT/ADV-2006-1228
Industry Reference:CVE-2006-1636
Protection Provided by:
Who is Vulnerable? Virtual War version 1.5.0-R12 and prior
Vulnerability Description Several vulnerabilities have been reported in Virtual War (VWar) due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system.
Update/Patch AvaliableUpgrade to Virtual War version 1.5.0-R13 :
http://www.vwar.de/download.php
Vulnerability DetailsThese flaws are due to input validation errors in the "includes/get_header.php", "includes/functions_common.php" and "includes/functions_front.php" scripts that do not validate the "vwar_root" variable.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK